[secnet] / TODO

dh.c: change format to binary from decimal string (without introducing
endianness problems)

netlink.c: test the 'allow_route' option properly.
Add fragmentation code.  Check that we comply with RFC1812.

process.c: capture output from children in sys_cmd() and log it

random.c: test properly

resolver.c: ought to return a list of addresses for each address; the
site code ought to remember them and try contacting them in turn.

rsa.c: check padding type, change format to binary from decimal string
(without introducing endianness problems)

secnet.c: optionally pipe stderr to a log when we become a daemon.
Don't just close it.

site.c: Abandon key exchanges when a bad packet is received. Modify
protocol to include version fields, as described in the NOTES
file. Implement keepalive mode. Make policy about when to initiate key
exchanges more configurable (how many NAKs / bad reverse-transforms
does it take to prompt a key exchange?)

slip.c: restart userv-ipif to cope with soft routes? Restart it if it
fails in use?

transform.c: separate the transforms into multiple parts, which can
then be combined in the configuration file.  Will allow the user to
plug in different block ciphers, invent an authenticity-only mode,
etc. (similar to udptunnel)

tun.c: Solaris support, and configuring the interface and
creating/deleting routes using ioctl()

udp.c: option for path-MTU discovery (once fragmentation support is
implemented in netlink)


global:
consider using liboop for the event loop
Commit	Line	Data
8689b3a9 SE	1	dh.c: change format to binary from decimal string (without introducing
8689b3a9 SE	2	endianness problems)
2fe58dfd	3
794f2398	4	netlink.c: test the 'allow_route' option properly.
ff05a229	5	Add fragmentation code. Check that we comply with RFC1812.
c6f79b17	6
794f2398	7	process.c: capture output from children in sys_cmd() and log it
2fe58dfd	8
d3fe100d	9	random.c: test properly
2fe58dfd	10
794f2398 SE	11	resolver.c: ought to return a list of addresses for each address; the
	12	site code ought to remember them and try contacting them in turn.
	13
2fe58dfd	14	rsa.c: check padding type, change format to binary from decimal string
8689b3a9	15	(without introducing endianness problems)
2fe58dfd	16
ff05a229 SE	17	secnet.c: optionally pipe stderr to a log when we become a daemon.
	18	Don't just close it.
	19
	20	site.c: Abandon key exchanges when a bad packet is received. Modify
c6f79b17 SE	21	protocol to include version fields, as described in the NOTES
	22	file. Implement keepalive mode. Make policy about when to initiate key
	23	exchanges more configurable (how many NAKs / bad reverse-transforms
	24	does it take to prompt a key exchange?)
	25
	26	slip.c: restart userv-ipif to cope with soft routes? Restart it if it
	27	fails in use?
2fe58dfd	28
042a8da9 SE	29	transform.c: separate the transforms into multiple parts, which can
	30	then be combined in the configuration file. Will allow the user to
	31	plug in different block ciphers, invent an authenticity-only mode,
ff05a229 SE	32	etc. (similar to udptunnel)
	33
	34	tun.c: Solaris support, and configuring the interface and
	35	creating/deleting routes using ioctl()
	36
	37	udp.c: option for path-MTU discovery (once fragmentation support is
	38	implemented in netlink)
	39
	40
	41	global:
	42	consider using liboop for the event loop