path: root/sbin/isakmpd/TO-DO
blob: 01ce728d76a9b04531683acebfa4a5653a4721d3 (plain)
$OpenBSD: TO-DO,v 1.6 1998/12/21 01:02:23 niklas Exp $
$EOM: TO-DO,v 1.28 1998/12/17 07:50:49 niklas Exp $

This file is pretty lame as it should really contain a lot more given that
the program is far from ready in any area.

* Add debugging messages, maybe possible to control asynchronously. [done]

* Implement the local policy governing logging and notification of exceptional
  conditions.

* A field description mechanism used for things like making packet dumps
  readable etc.  Both Photurisd and Pluto do this. [done]

* Fix the cookies. <Niels> [done]

* Garbage collect transports (ref-counting?).

* Retransmission/dup packet handling. [done]

* Generic payload checks. [mostly done]

* For math, speed up multiplication and division functions.

* Cleanup of SAs when dropping messages. [done]

* Look over message resource tracking.

* Retransmission timing & count adaptivity and configurability.
  [configurability done]

* Quick mode exchanges [done]

* Aggressive mode exchange. <Niels>

* Finish main mode exchange [done]

* Separation of key exchange from the IPSEC DOI, i.e. factor out IKE details.

* Setup the IPSEC situation field in the main mode. [done]

* Kernel interface for IPSEC parameter passing. [done]

* Notify of unsupported situations.

* Set/get field macros generated from the field descriptions. [done]

* SIGHUP handler with reparsing of config file. [done]

* RSA signature authentication <Niels> [done]

* DSS signature authentication

* RSA encryption authentication

* New group mode

* DELETE payload handling, and generation from ui.

* Deal well with incoming informational exchanges.

* Generate all possible SA attributes in quick mode. [done]

* Validate incoming attribute according to policy, main mode. [done]

* Validate incoming attribute according to policy, quick mode.

* Cleanup reserved SPIs on cleanup of associated SAs. [done]

* Validate attribute types (i.e. that what the specs say should be
  basic is basic).

* Cleanup reserved SPIs in proposals never chosen. [done]

* Add time measuring and reporting to the exchange code for catching of
  bottlenecks.

* Rescan interfaces on SIGHUP and on reception of messages on the INADDR_ANY
  listener socket.

* Validate the configuration file.

* Do a soft-limit on ISAKMP SA lifetime.

* Let the hard-limit on ISAKMP SA lifetime destroy the SA ASAP.

* IPsec rekeying.

* Store tunnels into SPD, and handle acquire SA events.

* If an exchange is on-going when a rekey event happens, drop the request.