*
* RCSID $Id: TODO,v 1.53 1999/11/23 23:09:45 rgb Exp $
*

Bugs:
2.0.xx problems reported with LFS1.1: MTU/fragmentation, instability

Features for 1.0: klips kernel
Most	Provide more useful error messages from kernel
Most	Sanitize klips headers for use above and below kernel/user I/F.
Part	#defines for kernel constants, i.e. hash function magic numbers, etc.
1.0	Clear all eroutes and spis when last ipsec device is ifconfiged down.
	Per-bundle debugging.
	Per-SA statistics via /proc/net/ipsec_spi:
		total late/lost

Features for 1.0: klips utils
	Errors:  what is wrong, where in code, what can't do, what is fix
	Implement standard gnu command format long option names: spigrp
	Utils with useful parse errors (not generic usage txt): spigrp
	Use consistent units: i.e. hex digits, bytes or bits.
	Enable klips manual utils to use monolithic SA specifier.
		spigrp
Most	Include 'ipsec' prefix in all manual utils calls in test scripts

Features for 1.0: klips documentation
	Xform to standards/doc_draft_refs mapping in source header comments
	Create HOWTO-debug_IPSEC (troubleshooting guide)
	Mobile-ipsec

Features for 1.0: general
1.1	Audit for info leaks
1.1	Audit for specs
1.1	Audit for bugs ?!?
HS?	Make 'check' (gnu coding standard, make, make check, make install)
	Errors: when, who, to whom, what, what can't do, what is wrong, how to fix
	error reporting: (1) programmer's debugging (2) user's debugging
	GNATS DB -- HS?

1.1:

Features for 2.0:
	PF_KEYv2:
		socket functions:
			signal userspace process
		parse extension types:
			ident (written, needs testing)
			sens
			prop
			supported
			x_kmprivate
		parse message types:
			get
			acquire
			register
			expire
			dump
			x_promisc
			x_pchange
	Port to ipchains/netfilter (with ifdefs to virtual device paradigm)
	Create user library from common user-space code (pfkey,...)
PJO		pfkey_v2_parse
		pfkey_v2_create
	Kernel interface documentation (this will change on PF_KEY2 and 2.2.xx)
Most	Expire SAs on soft/hard time/seq/qty and signal user (pfkey) (user timeout too)
	Convert to AES algorithm I/F to be able to add algorithms.
		http://www.seven77.demon.co.uk/aes.htm
	Add xforms
		IPPCP-Deflate
		IPPCP-LZS (proprietary?)
	Update transforms
		AH-MD5-128 (RFC1828?)
		ESP-DES-CBC (RFC1829?)
	Check for weak keys and reject (k1==k2, k2==k3) (des_is_weak_key(), des_set_odd_parity())
	Add processing for IP options in outgoing and incoming packets
		(rfc2402, 3.3.3.1.1.2, appendix A)
	Add support for userspace udp/500 blasting at selected port number. (SPD)
	Be able to use <uid>, <proto>, <sport> and <dport> in SPD.
	Force all incoming packets through IPSEC SPD check
	Separate in/out/IF SPD/SADs (rfc2401-4.4)
	Accept IP ranges (pluto or eroute?)
	Config option to accept or reject unauthenticated ICMP traffic (rfc2401-6.)
	Config option to copy DF bit to new tunnel (rfc2401-6.1.1, Appendix.B)
	Dynamic Assignment of the "inside" tunnel address for the road warrior.
		http://www.ietf.org/internet-drafts/draft-ietf-ipsec-dhcp-01.txt
		http://www.ietf.org/internet-drafts/draft-gupta-ipsec-remote-access-01.txt
		http://www.ietf.org/internet-drafts/draft-ietf-nat-hnat-00.txt
		http://www.sandelman.ottawa.on.ca/SSW/ietf/draft-richardson-ipsec-traversal-cert-01.txt
DHR?	Port to DNSSEC
	Standardise for code portability -- standard C (ask HS)
	L2TP?
	LDAP?
	SNMPv3
GG	Port to IPv6

*
* $Log: TODO,v $
* Revision 1.53  1999/11/23 23:09:45  rgb
* Updates since just after 1.1, includes more PFKEY detail.
*
* Revision 1.52  1999/10/16 04:21:45  rgb
* Long-overdue update including a few pre-1.1 things, but more post-1.1
* stuff that has been waiting to be added.
*
* Revision 1.51  1999/09/18 11:36:05  rgb
* Clarify 2.2/ipchains/netfilter goals.
*
* Revision 1.50  1999/08/06 16:02:26  rgb
* Add JSD's tunnel statistics wish list.
*
* Revision 1.49  1999/08/03 17:38:38  rgb
* Minor cleanup.
*
* Revision 1.48  1999/04/29 15:28:45  rgb
* Updates since 1.00.
*
* Revision 1.47  1999/04/06 04:54:23  rgb
* Fix/Add RCSID Id: and Log: bits to make PHMDs happy.  This includes
* patch shell fixes.
*
*
