[secnet] / TODO

dh.c: change format to binary from decimal string (without introducing
endianness problems)

log.c: implement a file-descriptor-to-log module

netlink.c: test the 'allow_route' option properly.
Add fragmentation code.  Check that we comply with RFC1812.

process.c: capture output from children in sys_cmd() and log it

random.c: test properly

resolver.c: ought to return a list of addresses for each address; the
site code ought to remember them and try contacting them in turn.

rsa.c: check padding type, change format to binary from decimal string
(without introducing endianness problems)

secnet.c: optionally pipe stderr to a log when we become a daemon.
Don't just close it.

site.c: Abandon key exchanges when a bad packet is received. Modify
protocol to include version fields, as described in the NOTES
file. Implement keepalive mode. Make policy about when to initiate key
exchanges more configurable (how many NAKs / bad reverse-transforms
does it take to prompt a key exchange?)

slip.c: restart userv-ipif to cope with soft routes? Restart it if it
fails in use?

transform.c: separate the transforms into multiple parts, which can
then be combined in the configuration file.  Will allow the user to
plug in different block ciphers, invent an authenticity-only mode,
etc. (similar to udptunnel)

udp.c: option for path-MTU discovery (once fragmentation support is
implemented in netlink)


global:
consider using liboop for the event loop
Commit	Line	Data
8689b3a9 SE	1	dh.c: change format to binary from decimal string (without introducing
8689b3a9 SE	2	endianness problems)
2fe58dfd	3
4f5e39ec SE	4	log.c: implement a file-descriptor-to-log module
4f5e39ec SE	5
794f2398	6	netlink.c: test the 'allow_route' option properly.
ff05a229	7	Add fragmentation code. Check that we comply with RFC1812.
c6f79b17	8
794f2398	9	process.c: capture output from children in sys_cmd() and log it
2fe58dfd	10
d3fe100d	11	random.c: test properly
2fe58dfd	12
794f2398 SE	13	resolver.c: ought to return a list of addresses for each address; the
	14	site code ought to remember them and try contacting them in turn.
	15
2fe58dfd	16	rsa.c: check padding type, change format to binary from decimal string
8689b3a9	17	(without introducing endianness problems)
2fe58dfd	18
ff05a229 SE	19	secnet.c: optionally pipe stderr to a log when we become a daemon.
	20	Don't just close it.
	21
	22	site.c: Abandon key exchanges when a bad packet is received. Modify
c6f79b17 SE	23	protocol to include version fields, as described in the NOTES
	24	file. Implement keepalive mode. Make policy about when to initiate key
	25	exchanges more configurable (how many NAKs / bad reverse-transforms
	26	does it take to prompt a key exchange?)
	27
	28	slip.c: restart userv-ipif to cope with soft routes? Restart it if it
	29	fails in use?
2fe58dfd	30
042a8da9 SE	31	transform.c: separate the transforms into multiple parts, which can
	32	then be combined in the configuration file. Will allow the user to
	33	plug in different block ciphers, invent an authenticity-only mode,
ff05a229 SE	34	etc. (similar to udptunnel)
ff05a229 SE	35
ff05a229 SE	36	udp.c: option for path-MTU discovery (once fragmentation support is
	37	implemented in netlink)
	38
	39
	40	global:
	41	consider using liboop for the event loop