]>
Commit | Line | Data |
---|---|---|
2b4405a3 MW |
1 | ------------------------- |
2 | strongSwan - Roadmap | |
3 | ------------------------- | |
4 | ||
5 | These notes mostly belong to charon, the new IKEv2 daemon. The plan is to | |
6 | migrate IKEv1 into charon. It's hard to say how much effort is needed to | |
7 | do that, and how much code we can reuse from pluto. But a port IS necessary to | |
8 | gain hassle-free confiugration, version negotiation and maintainability. | |
9 | ||
10 | Roadmap for 2007 | |
11 | ================ | |
12 | ||
13 | Jan ¦ - first stable release of the strongSwan 4.x branch, 4.1.0? | |
14 | ¦ | |
15 | Feb ¦ - refactoring of exchange handling for better code sharing, | |
16 | ¦ we need to separate specific tasks to reuse them in multiple | |
17 | ¦ exchanges | |
18 | ¦ - merge of EAP authentication code / plugin loader | |
19 | ¦ - merge of the virtual IP support currently in the pipeline | |
20 | ¦ - merge of the experimental "mediated double-NAT" support | |
21 | ¦ - write an IETF draft for this feature | |
22 | ¦ | |
23 | Mar ¦ - interface in charon for the new SMP management interface | |
24 | ¦ - full certificate support | |
25 | ¦ - Cookie support, other fixes to mature against DoS | |
26 | ¦ | |
27 | Apr ¦ - start porting efforts of IKEv1 into charon | |
28 | ¦ - support of IKEv1 messages and payloads in charon | |
29 | ¦ | |
30 | May ¦ - migration of plutos state machine into charon | |
31 | ¦ | |
32 | Jun ¦ - get a useable IKEv1 implementation for simple cases | |
33 | ¦ | |
34 | Jul ¦ - first release of charon supporting IKEv2 and IKEv1, 4.9.0? | |
35 | ¦ - holidays :-) | |
36 | ¦ | |
37 | Aug ¦ - get IKEv1 support to the level of pluto | |
38 | ¦ | |
39 | Sep ¦ | |
40 | ¦ | |
41 | Oct ¦ | |
42 | ¦ | |
43 | Nov ¦ | |
44 | ¦ | |
45 | Dec ¦ - feature complete release, 5.0.0! | |
46 | ¦ - world domination | |
47 | ||
48 | ||
49 | TODO-List | |
50 | ========= | |
51 | ||
52 | A set of TODOs. This is only a list of things I write down to not forget them. | |
53 | Watch out for TODOs in the code. | |
54 | ||
55 | Build system | |
56 | ------------ | |
57 | - configure flag which allows to ommit vendor id in pluto | |
58 | - reduce printf handlers count to 10, as uClibc does not support more | |
59 | ||
60 | Denail of service | |
61 | ----------------- | |
62 | - Cookie support | |
63 | - thread exhaustion (multiple messages to a single IKE_SA) | |
64 | ||
65 | Certificate support | |
66 | ------------------- | |
67 | - New trustchain mechanism? | |
68 | - proper CERTREQ support | |
69 | - proper handling of multiple certificate payloads (import order) | |
70 | - synchronized CRL fetcher | |
71 | - OCSP support | |
72 | - Smartcard interface | |
73 | - Attribute certificates | |
74 | ||
75 | Stroke interface | |
76 | ---------------- | |
77 | - add a Rekey-Counter for SAs in "statusall" | |
78 | - ipsec statusall bytecount | |
79 | - detach console after first keyingtry | |
80 | - proper handling of CTRL+C console detach (SIG_PIPE) | |
81 | ||
82 | Misc | |
83 | ---- | |
84 | - retry transaction on failure while keyingtries > 1 |