$OpenBSD: TO-DO,v 1.13 1999/06/02 06:31:54 niklas Exp $ $EOM: TO-DO,v 1.39 1999/05/25 07:52:01 niklas Exp $ This file is pretty lame as it should really contain a lot more given that the program is far from ready in any area. * Add debugging messages, maybe possible to control asynchronously. [done] * Implement the local policy governing logging and notification of exceptional conditions. * A field description mechanism used for things like making packet dumps readable etc. Both Photurisd and Pluto does this. [done] * Fix the cookies. [done] * Garbage collect transports (ref-counting?). [done] * Retransmission/dup packet handling. [done] * Generic payload checks. [mostly done] * For math, speed up multiplication and division functions. * Cleanup of SAs when dropping messages. [done] * Look over message resource tracking. [done] * Retransmission timing & count adaptivity and configurability. [configurability done] * Quick mode exchanges [done] * Aggressive mode exchange. [done] * Finish main mode exchange [done] * Separation of key exchange from the IPSEC DOI, i.e. factor out IKE details. * Setup the IPSEC situation field in the main mode. [done] * Kernel interface for IPSEC parameter passing. [done] * Notify of unsupported situations. * Set/get field macros generated from the field descriptions. [done] * SIGHUP handler with reparsing of config file. [done] * RSA signature authentication. [done] * DSS signature authentication. * RSA encryption authentication. * New group mode. * DELETE payload handling, and generation from ui. [generation done] * Deal well with incoming informational exchanges. [done] * Generate all possible SA attributes in quick mode. [done] * Validate incoming attribute according to policy, main mode. [done] * Validate incoming attribute according to policy, quick mode. * Cleanup reserved SPIs on cleanup of associated SAs. [done] * Validate attribute types (i.e. that what the specs tells should be basic). * Cleanup reserved SPIs in proposals never chosen. [done] * Add time measuring and reporting to the exchange code for catching of bottlenecks. * Rescan interfaces on SIGHUP and on reception of messages on the INADDR_ANY listener socket. * Validate the configuration file. * Do a soft-limit on ISAKMP SA lifetime. [done] * Let the hard-limit on ISAKMP SA lifetime destroy the SA ASAP. [done] * IPsec rekeying. [done] * Store tunnels into SPD, and handle acquire SA events. [pf_encap done] * If an exchange is on-going when a rekey event happens, drop the request. [done] * INITIAL CONTACT notification sending when appropriate. [done] * INITIAL CONTACT notification handling. [done] * IPsec SAs could also do with timers protecting its lifetime, if say, someone changed the lifetime of the IPsec SA in stack under us. [done for KLIPS] * Handle notifications showing the peer did not want to continue this exchange. * Flexible identification. * Remove referring flows when a SPI is removed. * IPCOMP? (PGP's new client defaults to using this...)