| | 1 | dh.c: change format to binary from decimal string (without introducing |
| | 2 | endianness problems) |
| | 3 | |
| | 4 | log.c: implement a file-descriptor-to-log module |
| | 5 | |
| | 6 | netlink.c: test the 'allow_route' option properly. |
| | 7 | Add fragmentation code. Check that we comply with RFC1812. |
| | 8 | |
| | 9 | process.c: capture output from children in sys_cmd() and log it |
| | 10 | |
| | 11 | random.c: test properly |
| | 12 | |
| | 13 | resolver.c: ought to return a list of addresses for each address; the |
| | 14 | site code ought to remember them and try contacting them in turn. |
| | 15 | |
| | 16 | rsa.c: check padding type, change format to binary from decimal string |
| | 17 | (without introducing endianness problems) |
| | 18 | |
| | 19 | secnet.c: optionally pipe stderr to a log when we become a daemon. |
| | 20 | Don't just close it. |
| | 21 | |
| | 22 | site.c: Abandon key exchanges when a bad packet is received. Modify |
| | 23 | protocol to include version fields, as described in the NOTES |
| | 24 | file. Implement keepalive mode. Make policy about when to initiate key |
| | 25 | exchanges more configurable (how many NAKs / bad reverse-transforms |
| | 26 | does it take to prompt a key exchange?) |
| | 27 | |
| | 28 | slip.c: restart userv-ipif to cope with soft routes? Restart it if it |
| | 29 | fails in use? |
| | 30 | |
| | 31 | transform.c: separate the transforms into multiple parts, which can |
| | 32 | then be combined in the configuration file. Will allow the user to |
| | 33 | plug in different block ciphers, invent an authenticity-only mode, |
| | 34 | etc. (similar to udptunnel) |
| | 35 | |
| | 36 | udp.c: option for path-MTU discovery (once fragmentation support is |
| | 37 | implemented in netlink) |
| | 38 | |
| | 39 | |
| | 40 | global: |
| | 41 | consider using liboop for the event loop |
~mdw / secnet / blame_incremental