$OpenBSD: TO-DO,v 1.7 1999/03/31 20:29:21 niklas Exp $ $EOM: TO-DO,v 1.29 1999/03/31 20:24:49 niklas Exp $ This file is pretty lame as it should really contain a lot more given that the program is far from ready in any area. * Add debugging messages, maybe possible to control asynchronously. [done] * Implement the local policy governing logging and notification of exceptional conditions. * A field description mechanism used for things like making packet dumps readable etc. Both Photurisd and Pluto does this. [done] * Fix the cookies. [done] * Garbage collect transports (ref-counting?). * Retransmission/dup packet handling. [done] * Generic payload checks. [mostly done] * For math, speed up multiplication and division functions. * Cleanup of SAs when dropping messages. [done] * Look over message resource tracking. * Retransmission timing & count adaptivity and configurability. [configurability done] * Quick mode exchanges [done] * Aggressive mode exchange. * Finish main mode exchange [done] * Separation of key exchange from the IPSEC DOI, i.e. factor out IKE details. * Setup the IPSEC situation field in the main mode. [done] * Kernel interface for IPSEC parameter passing. [done] * Notify of unsupported situations. * Set/get field macros generated from the field descriptions. [done] * SIGHUP handler with reparsing of config file. [done] * RSA signature authentication [done] * DSS signature authentication * RSA encryption authentication * New group mode * DELETE payload handling, and generation from ui. * Deal well with incoming informational exchanges. * Generate all possible SA attributes in quick mode. [done] * Validate incoming attribute according to policy, main mode. [done] * Validate incoming attribute according to policy, quick mode. * Cleanup reserved SPIs on cleanup of associated SAs. [done] * Validate attribute types (i.e. that what the specs tells should be basic). * Cleanup reserved SPIs in proposals never chosen. [done] * Add time measuring and reporting to the exchange code for catching of bottlenecks. * Rescan interfaces on SIGHUP and on reception of messages on the INADDR_ANY listener socket. * Validate the configuration file. * Do a soft-limit on ISAKMP SA lifetime. [done] * Let the hard-limit on ISAKMP SA lifetime destroy the SA ASAP. [done] * IPsec rekeying. [done] * Store tunnels into SPD, and handle acquire SA events. [pf_encap done] * If an exchange is on-going when a rekey event happens, drop the request. [done] * INITIAL CONTACT notification sending when appropriate. * INITIAL CONTACT notification handling.