This is actually Henry's to-do file, which covers more than just the
utilities, but had to go somewhere...

(H = high, M = medium, L = low, list otherwise unordered)

H  %defaultroute in nexthop was useful
H  RSA in/out control (-DNORSA)
H  chkconfig fake is not quite good enough on Slackware
H  kernel make clean destroys stuff if we're under kernel tree
H  cp -R vs symlinks
H  gnats -- include send-freeswan-pr in dist, SH docs
H  SuSE etc.
H  plutoadd is N^2, too slow for large numbers of connections
H  minimal config file
H  manual dnssec config stuff
H  make check
H  investigate freeswan.h path problem, library build problems in Klips
H  try to localize all pathnames in top/Makefile
H  general manpages (ipsec? klips?) and refs to same (incl bugs)
H  do *something* about ipsec-manual reporting, e.g., which spi had trouble
H  investigate cross-compiles
H  general name/address mapping for manual (shell utilities for atosubnet etc.)
H  use --label in manual, auto
H  add reverse-lookup option to addrtoa
H  copyright() library function
H  example tunnels to SSH test host, ours?
H  chkconfig clone?
H  network-byte-struct-handling library functions?
H  build all libraries in kernel versions, as part of kernel build
H  time to rename struct inaddr with an eye on V6
H  rethink syslog locations, esp. info and debug
H  snapshot notices to whole team
H  selective debugging output, by connection
H  dispense with the klips/src symlink
H  manual-keyed test mode
H  way to bring one interface up or down?
H  ipsec auto --interfaces, another synonym for whack --listen
H  there's just got to be a better way to do script logging (C wrapper?)
H  forwardingcontrol ought to save and restore, not overwrite (see sw/denker)

M  tar files should have files owned by bin/bin (1/1), not freeswan/freeswan
M  library needs a host-in-subnet membership test
M  fix auto=add (etc.) in %default
M  manual can now use same SPIs both ways
M  libkernel.a needs some more dependencies
M  document /proc formats
M  startup very slow when DNS is unavailable
M  make keyingtries=0 the default on next major release
M  automatic CHANGES mailer
M  where should Pluto logging really go?
M  more checking in Makefile (kernel config)
M  basic regression testing (hooks needed in Klips and Pluto?)
M  anything we can do to confirm successful encryption without a snooper host?
M  beginnings of SPD design
M  data-formats audit (e.g. all hex numbers have 0x?)
M  audit for all --help output to stdout, all diagnostics to stderr
M  ifconfig, etc. mods to use our syntaxes
M  asymmetric encryption methods etc.
M  "ipsec auto update" (updates Pluto to match control file)?
M  way to force renegotiation of all connections
M  cache name-address mapping so we can trust it, fail if it changes
M  tighten security on manual keying, avoiding ps snooping etc.
M  overrides for barf syslog filenames in ipsec.conf
M  logger newlines
M  document just when DNS lookups are done

L  audit Klips code for magic numbers, inline, etc.
L  PGP encryption for tattler reports, snapshot-built reports
L  more SPD design
L  more thorough regression testing, full functionality, corner cases
L  examples in manpages
L  do daemons need to auto-restart on death?
L  investigate Integrated Kernel Debugging Patch (?)
L  tools for oops saving and interpreting??
L  there is some kind of IPSEC stub in 2.2, what does it do?

2.x  drop spibase from conf file and manual
2.x  get rid of the obsolete-syntax provisions in manual and auto

This file is RCSID $Id: TODO,v 1.49 1999/12/14 21:23:27 henry Exp $
