From 111d24c89b6e3e46a1094b2db321ca9e52bf66e9 Mon Sep 17 00:00:00 2001 From: Michael Rash Date: Fri, 3 Jul 2009 03:34:21 +0000 Subject: [PATCH] initial stab at libfko server daemon TODO's git-svn-id: file:///home/mbr/svn/fwknop/trunk@110 510a4753-2344-4c79-9c09-4d669213fbeb --- TODO | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index 9d212486..8fb7edf3 100644 --- a/TODO +++ b/TODO @@ -18,7 +18,24 @@ To whom it may concern, this is -*- outline -*- mode. ** Man page * The fwknopd server: -** Create it (details pending :). +** Sniffer support to acquire SPA packet data ala the fwknopd Perl server: +*** Packets acquired via libpcap from a live networking interface. +*** Packets acquired via a file (supports the ulogd pcap writer). +*** User-defined pcap filters. +*** IP address exclusions/inclusions. +** Replay attack detection via storage and verification of SPA digests. +** SPA packet decryption: +*** Support of multiple encryption keys and access requirements (SOURCE stanzas). +*** GnuPG and Rijndael decryption. +*** Username restrictions. +** Firewall rule manipulation upon receipt of a valid SPA packet: +*** Initially manipulate firewall rules by executing the firewall binary directly. +*** Possibly use libdnet once we move past executing the firewall binary. +*** Should concentrate on iptables, but ipfw and pf support eventually. +*** User-defined firewall rule timeouts. +*** NAT rules to internal systems. +** Test on embedded platforms - especially OpenWRT on a Linksys router. +** Process monitoring daemon (can probably just use knopwatchd since it is C already). * Nice to haves: ** Binary packages:
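Review bot: Under "Firewall rule manipulation upon receipt of a valid SPA packet", the item "Initially manipulate firewall rules by executing the firewall binary directly" does not say how values taken from the decrypted packet reach the command line. I would add a sub-item requiring that those fields be validated and that the binary be invoked with an argument vector rather than through a shell. The "Replay attack detection via storage and verification of SPA digests" item should also state whether the digest store persists across daemon restarts, since an in-memory store would accept previously seen packets again after a restart. The sniffer block lists live libpcap capture but has no entry for dropping privileges once the capture handle is open; that is worth a line in this TODO as well.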