initial stab at libfko server daemon TODO's

git-svn-id: file:///home/mbr/svn/fwknop/trunk@110 510a4753-2344-4c79-9c09-4d669213fbeb
2009-07-03 03:34:21 +00:00 · 2009-07-03 03:34:21 +00:00 · 111d24c89b
commit 111d24c89b
parent e0e08f0cf2
1 changed files with 18 additions and 1 deletions
--- a/19
+++ b/19
@ -18,7 +18,24 @@ To whom it may concern, this is -*- outline -*- mode.
 ** Man page

 * The fwknopd server:
-** Create it (details pending :).
+** Sniffer support to acquire SPA packet data ala the fwknopd Perl server:
+*** Packets acquired via libpcap from a live networking interface.
+*** Packets acquired via a file (supports the ulogd pcap writer).
+*** User-defined pcap filters.
+*** IP address exclusions/inclusions.
+** Replay attack detection via storage and verification of SPA digests.
+** SPA packet decryption:
+*** Support of multiple encryption keys and access requirements (SOURCE stanzas).
+*** GnuPG and Rijndael decryption.
+*** Username restrictions.
+** Firewall rule manipulation upon receipt of a valid SPA packet:
+*** Initially manipulate firewall rules by executing the firewall binary directly.
+*** Possibly use libdnet once we move past executing the firewall binary.
+*** Should concentrate on iptables, but ipfw and pf support eventually.
+*** User-defined firewall rule timeouts.
+*** NAT rules to internal systems.
+** Test on embedded platforms - especially OpenWRT on a Linksys router.
+** Process monitoring daemon (can probably just use knopwatchd since it is C already).

 * Nice to haves:
 ** Binary packages: