*
* RCSID $Id: DONE,v 1.15 1999/11/23 23:09:45 rgb Exp $
*

Bugs as of 0.90:
Done	ah tunnel -- 3 esp packets kills the sg
Done	single spi ungroup fails
Done	elucidate the meaning of 'tdb' in all error message references
Done	change AH replay window option to default to 64: NOT!
Done	explain need for ipfwadm command in the modes.html masq eg.
Done	review command order in modes.html for security/packet loss
Done	better kernel error messages for eroute commands
Done	check for missing 0x, 0t or 0s on the front of keys for spi command
Done	atodata now accepts '0c' along with '0x' and '0s': check calling code
Done	0t key format for esp3des transforms
Done	Check all klips_debug output for \n
Done	spi --ah needs testing
Done	bundled AH+ESP crashes older/slower machines
Done	ReExamine /proc/net/ipsec_* with 'less' (1pg) vs 'cat' (ok).
Done	Default none manual replay bug
Done	spi --add/--del memory leak
Done	Short-circuit udp/500 for pluto to talk unencumbered. ASK LIST
Done	clean up rh5.2 klips compile warnings
Done	'cannot record stats' on packets from valid I/F. (intermittent)
Done	hard-coded hard_header_len
Fixed	ping -s 8000 reboots system!!!
Done	"kmalloc called nonatomically from interrupt 0x0000000e"

Features for 1.0: klips kernel
	Interop with other IPSEC implementations (verify with others)
OpenBSD		ESP-3DES-HMAC-MD5-96
OpenBSD		ESP-DES-HMAC-MD5-96
OpenBSD		AH-HMAC-MD5-96
OpenBSD		AH-HMAC-SHA1-96
Done	Free all memory used for tdb table and eroute tree when unloading
Done	Symbolic proc_net # instead of hardwiring
Fixed	Examine /proc/net/ipsec_* for limits.  Currently, it corrupts the
		system if more than 3k is printed out.
Done	Add /proc/net/ipsec_spinew
Done	Add /proc/net/ipsec_versions/transforms/config
Done	Move code to /usr/src/linux/net/ipsec with symlinks back to
		freeswan install directory.
Done	Yank out i/r stuff
Done	Experimental option in kernel config
Done	Check for IPIP protocol enabled and either complain, or load it if needed.
Done	Static link the klips module into the kernel
Done	klips_debug prefix on all printk's
	Dropped packet reporting
Done		count total
Done		count replay errors
Done		count bad auth
Done		count bad padding
Done		count bad algo
Done	add protocol to SA selector
Done	add a '--replace' or '--delany' option to eroute (and --quiet?)
Done	Print out protocol in /proc/net/ipsec_* SAs
Done	Short-circuit udp/500 for pluto to talk unencumbered.
Done	Change /proc/net/ipsec_spi* to output 'Decrypt' for inbound SAs
Done	Set kernel config defaults for virgin kernel. see arch/*/defconfig
Done	Switch pointer printing to %p for 64-bit compatibility.
Done	Sort out routing issues (tunnel -->forward/findroute?, missing route?)
Done	Do kernel-based inbound SA detection.

Features for 1.0: klips utils
Done	Separate auth and encryption keys in esp{3,}des-hmacmd5{96,} (option?)
Done	Yank out i/r stuff
Done	Pluto/kernel.c mods for adding routes and tncfg's (check and add)
Done	Fix manual keying split key bug
Done	spi key size error checking
Done	Install manpages in the right place.
	Implement standard gnu command format long option names
Done		spi
Done		eroute
Done		tncfg
Done		klipsdebug
Done	Add error checking for valid input (ip's) to utils
	Add host/net name lookup and netmask bits to utils
Done		spi
Done		eroute
Done		spigrp
Done	Notify user why insufficient perms for non-root (getenv)
	Utils with useful parse errors (rather than spamming large usage txt)
Done		spi
Done		eroute
Done		tncfg
Done		klipsdebug
Done	Eliminate invocations of perror()
Done	Let utils get keys from files to avoid ps exposure from command line
Done	Use 0x for hex in command line parsing and provide for other radices
Done	Clear eroute tncfg and spi tables in one command
Done	Open: Protocol driver not attached -- elaborate!
Done	add protocol to SA selector
Done	add a '--replace' or '--delany' option to eroute (and --quiet?)
Done	Check error codes from resolver fns.
Done	Add SA reference to spi usage errors.
Done	--label field to replace the program name on error output.
	Enable klips manual utils to use monolithic SA specifier.
Done		spi
Done		eroute

Features for 1.0: klips documentation
Done	Html trans/tun, algos, static/insmod/kerneld setup support
Done	Prominently mark obsolete xforms (truth in labelling)
Done	Add xform usage examples
Done	Add FILES and EXAMPLES sections to manpages
Done	klips/test/README
Done	intro to rgb_setup.txt
	Xform to standards/doc_draft_refs mapping in:
Done		manpages
Done		kernel config help
Done	Update Configure.help
Done	mention tcpdump in some prominent place as a check tool. (HS)
Done	modes.html theory comments
Done	Clarify extruded section of modes.html (ie. no masquerading)

Features for 1.0: general
Done	Add function to get ipsec driver and utils version from userland
Done	Provide facility to dump system state (HS)
Done	Split patches into a sub-directory
Done	Define standard notation for SAs (HS)
Done	Utils return values from kernel:  real error codes (0 for ok)

1.1:
Done	Fragment after processing iff(DF && (effective PMTU is too small)) (rfc2401-6.1.2.2)
Done	2.2.xx support, still virtual device based.

1.2:
Done	Add {start,up,remain}{times,bytes,pkts} to /proc/net/ipsec_spi
	Per-SA statistics via /proc/net/ipsec_spi:
Done		in/out-bound packets/bytes/errors
Done		time of last packet
Done		max(cur_rx_seq#-prev_rx_seq#-1,0)
	PF_KEYv2:
		socket functions:
Done			sendmsg
Done			recvmsg
Done			upmsg
		parse extension types:
Done			SA
Done			lifetime
Done			address
Done			key
Done			spirange
		parse message types:
Done			getspi
Done			update
Done			add
Done			delete
Done			flush
Done			x_grpsa (will be obsolete...)

Features for 2.0:
Done	Investigate PMTU (rfc2401-4.4.2, 6.1.2)
Done	Mark incoming packets as from ipsec0 for accounting and validation
Done	Provide more help in debugging key input errors
Done	Include protocol (esp or ah) in SA selection
	Add xforms
Done		ESP-DES-HMAC-SHA1-96
Done		ESP-3DES-HMAC-SHA1-96
Done		ESP-NULL-HMAC-MD5-96
Done		ESP-NULL-HMAC-SHA1-96
Done		ESP-DES
Done		ESP-3DES
Done	Make IV truly optional for spi command (need kernel cryptorandom source)
		/dev/{,u}random|drivers/char/random.c:random_read()
Done	Unify esp and ah routines to one of each, calling cipher and
		authentication sub-routines as needed
Done	Have kernel config automatically configure IPIP with IPSEC?

*
* $Log: DONE,v $
* Revision 1.15  1999/11/23 23:09:45  rgb
* Updates since just after 1.1, includes more PFKEY detail.
*
* Revision 1.14  1999/10/16 04:21:45  rgb
* Long-overdue update including a few pre-1.1 things, but more post-1.1
* stuff that has been waiting to be added.
*
* Revision 1.13  1999/04/29 15:28:33  rgb
* Updates since 1.00.
*
* Revision 1.12  1999/04/06 04:54:22  rgb
* Fix/Add RCSID Id: and Log: bits to make PHMDs happy.  This includes
* patch shell fixes.
*
*
