minor todo reorganization
parent
2a3cd1abfe
commit
c354afb3b4
144
todo.org
@ -1,77 +1,17 @@
|
||||
* fwknop tasks
|
||||
This is the main todo org mode file for the fwknop project
|
||||
** COMPLETED
|
||||
This bucket is for completed tasks.
|
||||
*** [client] Update to not send SPA packet if Ctrl-C is used
|
||||
:CLOSED: <2012-11-08 Thu>
|
||||
The client currently sends an SPA packet when an encryption key is
|
||||
requested but the user tries to exit out with Ctrl-C.
|
||||
- Completed by Franck Joncourt.
|
||||
*** [server] Add the ability to process pcap files offline
|
||||
:CLOSED: <2012-11-08 Thu>
|
||||
Leverage pcap_open_offline() to process pcap files from disk instead of
|
||||
sniffing the network live.
|
||||
- Added a new '--pcap-file <file>' option for this purpose.
|
||||
*** Add --disable-gpg arg to the autoconf configure script
|
||||
:CLOSED: <2012-10-31 Wed>
|
||||
There needs to be a way to easily disable libgpgme usage even if it is
|
||||
installed - this could be done with a new --disable-gpg argument to the
|
||||
configure script.
|
||||
- Added --disable-gpg to the autoconf configure script (via configure.ac)
|
||||
*** [client] Add --icmp-type and --icmp-code args
|
||||
:CLOSED: <2012-10-11 Thu>
|
||||
For SPA packets sent over ICMP via raw socket, allow the user to specify
|
||||
the ICMP type and code.
|
||||
*** [server] For Ubuntu systems, have fwknopd managed by upstart
|
||||
:CLOSED: <2012-09-27 Thu>
|
||||
fwknopd can benefit from upstart management and monitoring on Ubuntu
|
||||
systems.
|
||||
- Added the extras/upstart/fwknop.conf file so that standard upstart
|
||||
commands like "service fwknop start" can be issued.
|
||||
*** [server] ipfw active/expire sets cannot be the same
|
||||
:CLOSED: <2012-08-16 Thu>
|
||||
Add a check to ensure that active and expire sets are not the same value in
|
||||
fwknopd.conf, and add a corresponding test in the test suite.
|
||||
*** Release fwknop-2.0.2
|
||||
:CLOSED: <2012-08-18 Sat>
|
||||
Make the fwknop-2.0.2 release.
|
||||
*** Release fwknop-2.0.3
|
||||
:CLOSED: <2012-09-03 Mon>
|
||||
Make the fwknop-2.0.3 release.
|
||||
*** Update fwknopd man page for GPG_ALLOW_NO_PW
|
||||
:CLOSED: <2012-08-14 Tue>
|
||||
*** Preserve existing configs under 'make install'
|
||||
:CLOSED: <2012-08-13 Mon>
|
||||
- The current 'make install' behavior overwrites any existing fwknopd config
|
||||
files from a previous installation.
|
||||
- Updated to install fwknopd.conf -> /etc/fwknop/fwknopd.conf.inst if the
|
||||
fwknopd.conf file already exists, and similarly for the access.conf
|
||||
file.
|
||||
*** fwknopd iptables comment match detection
|
||||
:CLOSED: <2012-08-12 Sun>
|
||||
Hank Leininger suggested that fwknopd do better detection for the iptables
|
||||
comment match since it is required for the expiration of SPA rules.
|
||||
*** Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files
|
||||
:CLOSED: <2012-08-12 Sun>
|
||||
Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
|
||||
*** [server] access.c parsing: allow no KEY variable if GPG keys are used.
|
||||
:CLOSED: <2012-10-02 Tue>
|
||||
The access.c parsing code currently throws an error if there is not KEY
|
||||
variable in an access stanza even if GPG_ALLOW_NO_PW is set.
|
||||
** [server] Add PF NAT support for OpenBSD systems
|
||||
fwknopd already supports various NAT modes on iptables, but it should be
|
||||
extended to support NAT on PF firewalls.
|
||||
* COMPLETED
|
||||
This bucket is for completed tasks.
|
||||
** Fix MIPS compilation error
|
||||
:CLOSED: <2012-11-09 Fri>
|
||||
Franck Joncourt reported the following bug compiling fwknop MIPS via
|
||||
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689064
|
||||
|
||||
libtool: link: gcc -g -O2 -Wformat -Werror=format-security -Wall -g -O2
|
||||
-Wl,-z -Wl,relro -Wl,-z -Wl,now -Wall -fstack-protector-all
|
||||
-fstack-protector -fPIE -pie -D_FORTIFY_SOURCE=2 -Wl,-z -Wl,relro -Wl,-z
|
||||
-Wl,now -o .libs/fwknop fwknop-fwknop.o fwknop-config_init.o
|
||||
fwknop-spa_comm.o fwknop-utils.o fwknop-http_resolve_host.o
|
||||
libtool: link: gcc -g -O2 -Wformat -Werror=format-security -Wall -g -O2
|
||||
-Wl,-z -Wl,relro -Wl,-z -Wl,now -Wall -fstack-protector-all
|
||||
-fstack-protector -fPIE -pie -D_FORTIFY_SOURCE=2 -Wl,-z -Wl,relro -Wl,-z
|
||||
-Wl,now -o .libs/fwknop fwknop-fwknop.o fwknop-config_init.o
|
||||
fwknop-spa_comm.o fwknop-utils.o fwknop-http_resolve_host.o
|
||||
fwknop-getpasswd.o ../lib/.libs/libfko.so
|
||||
/usr/bin/ld: fwknop-fwknop.o: relocation R_MIPS_26 against `getenv' can not
|
||||
/usr/bin/ld: fwknop-fwknop.o: relocation R_MIPS_26 against `getenv' can not
|
||||
be used when making a shared object; recompile with -fPIC
|
||||
fwknop-fwknop.o: could not read symbols: Bad value
|
||||
collect2: ld returned 1 exit status
|
||||
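Review bot: The file-level heading and description at the top of this hunk ("* fwknop tasks", "This is the main todo org mode file for the fwknop project") have no counterpart once the buckets are promoted to top level: the new side is only 17 lines, which fits the file now opening directly at "* COMPLETED" followed by the MIPS entry. Consider keeping the description as a "#+TITLE: fwknop tasks" line or a leading comment so the file still says what it is. The pasted libtool/ld output under "** Fix MIPS compilation error" would also be safer inside a "#+BEGIN_EXAMPLE" / "#+END_EXAMPLE" block, so that org never tries to interpret build-log lines as markup.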
@ -92,6 +32,71 @@
|
||||
Update: the problem appears to be caused by manually specifying the CFLAGS
|
||||
variable while not also specifying the LDFLAGS variable.
|
||||
|
||||
:<2012-11-09 Fri> This issue has been fixed through the Debian build
|
||||
process, and Franck has indicated that no changes are required within
|
||||
fwknop.
|
||||
|
||||
** [client] Update to not send SPA packet if Ctrl-C is used
|
||||
:CLOSED: <2012-11-08 Thu>
|
||||
The client currently sends an SPA packet when an encryption key is
|
||||
requested but the user tries to exit out with Ctrl-C.
|
||||
- Completed by Franck Joncourt.
|
||||
** [server] Add the ability to process pcap files offline
|
||||
:CLOSED: <2012-11-08 Thu>
|
||||
Leverage pcap_open_offline() to process pcap files from disk instead of
|
||||
sniffing the network live.
|
||||
- Added a new '--pcap-file <file>' option for this purpose.
|
||||
** Add --disable-gpg arg to the autoconf configure script
|
||||
:CLOSED: <2012-10-31 Wed>
|
||||
There needs to be a way to easily disable libgpgme usage even if it is
|
||||
installed - this could be done with a new --disable-gpg argument to the
|
||||
configure script.
|
||||
- Added --disable-gpg to the autoconf configure script (via configure.ac)
|
||||
** [client] Add --icmp-type and --icmp-code args
|
||||
:CLOSED: <2012-10-11 Thu>
|
||||
For SPA packets sent over ICMP via raw socket, allow the user to specify
|
||||
the ICMP type and code.
|
||||
** [server] For Ubuntu systems, have fwknopd managed by upstart
|
||||
:CLOSED: <2012-09-27 Thu>
|
||||
fwknopd can benefit from upstart management and monitoring on Ubuntu
|
||||
systems.
|
||||
- Added the extras/upstart/fwknop.conf file so that standard upstart
|
||||
commands like "service fwknop start" can be issued.
|
||||
** [server] ipfw active/expire sets cannot be the same
|
||||
:CLOSED: <2012-08-16 Thu>
|
||||
Add a check to ensure that active and expire sets are not the same value in
|
||||
fwknopd.conf, and add a corresponding test in the test suite.
|
||||
** Release fwknop-2.0.2
|
||||
:CLOSED: <2012-08-18 Sat>
|
||||
Make the fwknop-2.0.2 release.
|
||||
** Release fwknop-2.0.3
|
||||
:CLOSED: <2012-09-03 Mon>
|
||||
Make the fwknop-2.0.3 release.
|
||||
** Update fwknopd man page for GPG_ALLOW_NO_PW
|
||||
:CLOSED: <2012-08-14 Tue>
|
||||
** Preserve existing configs under 'make install'
|
||||
:CLOSED: <2012-08-13 Mon>
|
||||
- The current 'make install' behavior overwrites any existing fwknopd config
|
||||
files from a previous installation.
|
||||
- Updated to install fwknopd.conf -> /etc/fwknop/fwknopd.conf.inst if the
|
||||
fwknopd.conf file already exists, and similarly for the access.conf
|
||||
file.
|
||||
** fwknopd iptables comment match detection
|
||||
:CLOSED: <2012-08-12 Sun>
|
||||
Hank Leininger suggested that fwknopd do better detection for the iptables
|
||||
comment match since it is required for the expiration of SPA rules.
|
||||
** Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files
|
||||
:CLOSED: <2012-08-12 Sun>
|
||||
Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
|
||||
** [server] access.c parsing: allow no KEY variable if GPG keys are used.
|
||||
:CLOSED: <2012-10-02 Tue>
|
||||
The access.c parsing code currently throws an error if there is not KEY
|
||||
variable in an access stanza even if GPG_ALLOW_NO_PW is set.
|
||||
* TODO
|
||||
This bucket is for new tasks.
|
||||
** [server] Add PF NAT support for OpenBSD systems
|
||||
fwknopd already supports various NAT modes on iptables, but it should be
|
||||
extended to support NAT on PF firewalls.
|
||||
** [server] Add access variable to require particular IP's even when REQUIRE_SOURCE is used
|
||||
The SOURCE variable only applies to the IP header. Add analogous filtering
|
||||
for the allow IP that is encrypted within an SPA payload.
|
||||
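Review bot: The entries promoted to "**" in this hunk keep the ad hoc ":CLOSED: <2012-11-08 Thu>" marker, which org does not treat as a planning line; the recognized form is "CLOSED: [2012-11-08 Thu]" directly under a heading that carries the DONE keyword, and the angle-bracket (active) timestamps used here will surface every closed task as a dated agenda item. Since these entries are all being moved and re-leveled in this commit anyway, converting the markers at the same time would be cheap. Separately, naming the new bucket "* TODO" is easy to confuse with org's own TODO state keyword; a title such as "* Open tasks" avoids the ambiguity.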
@ -134,6 +139,5 @@
|
||||
** [test suite] client/server only tests
|
||||
When only the client or server is being installed on a system, the test
|
||||
suite should be able to run only the relevant tests.
|
||||
|
||||
** Implement SPA over IPv6
|
||||
It is important to eventually fully support SPA over IPv6.
|
||||
|
||||