Toronto 2018 meetup: Difference between revisions
Jump to navigation
Jump to search
Paul Wouters (talk | contribs) No edit summary |
Paul Wouters (talk | contribs) No edit summary |
||
(11 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
* killing MAST | * killing MAST | ||
* Killing KLIPS | * Killing KLIPS | ||
- Disable KLIPS per default | - Disable KLIPS per default | ||
- Announce KLIPS will be removed first release after Feburary 2019 | - Announce KLIPS will be removed first release after Feburary 2019 | ||
Line 12: | Line 14: | ||
= Bugs = | = Bugs = | ||
= Misc. = | = Misc. = | ||
* technical debt | * technical debt | ||
* testing using lightweight namespaces | |||
* IKEv2 state name changes | |||
* get state names out of enduser logging | |||
* remove duplicate / similar logging functions | |||
* logging to stderrlog or file | |||
* Cleanup debug log messages that serve no good purpose anymore | |||
* openwrt build / patched to upstream including all architectures | |||
* logging groups too many and not used | |||
* time data structures and complexity | |||
* addconn thread work being done inline in pluto | |||
* microstates | |||
* compile without ikev1 support | |||
* remove biddown ikev1/ikev2 | |||
* conn being ikev1 or ikev2 not both. | |||
* shunks, chunks and other strings. | |||
* pluto interface / ip discovery (bind to ANY) | |||
* howto IKEv2 proplsals properly with existing | |||
* enduser usability - simpler interface. (eg type=profile) | |||
* compress for IKEv2 is broken | |||
* simpler command tool / what to do whack / auto | |||
* webgui discussion | |||
* explain LSWLOG / LSWDEBUGLOG | |||
* EAP-TLS and EAP-mschapv2 architecture, design external or internal | |||
* XAUTH payload padding and Checkpoint | |||
* IKEv1 duplicate messages | |||
* IPv6 addresspool | |||
* VTI and/or XFRMi support and obsoleting VTI or not | |||
* Talk about Test Suite improvements | |||
* teardown case for tests | |||
* Storing packets for multiple exchanges at once to support simultanious exchange | |||
* cleanup msgid to not require so many ntoh() / hton() | |||
* Using reqid from ACQUIRE to improve find_host_connection | |||
* split IKE_INIT from connection ??? | |||
* IKE_AUTH traffic selector mismatch handling | |||
* MULTIPLE_AUTH / EAP support | |||
* childless IKE SA | |||
* Bug reporting github vs other | |||
* Known issues file ? | |||
* Introducing travis ? | |||
* Introducing Coverity | |||
* Website redo ? more HOWTO docs? | |||
* phase out asn1.h | |||
* merge in IKE_REDIRECT | |||
* merge in TCP support | |||
* XFRM bogus policy bug | |||
* Function names ikev2_* to v2_* | |||
* add ipsec auto/whack command that does parent-rekey and child-rekey | |||
(can be used for hardwarefailover when IKE state is synced between nodes( |
Latest revision as of 00:47, 11 October 2018
Roadmap
- killing MAST
- Killing KLIPS
- Disable KLIPS per default
- Announce KLIPS will be removed first release after Feburary 2019
- Changing shunts
Bugs
Misc.
- technical debt
- testing using lightweight namespaces
- IKEv2 state name changes
- get state names out of enduser logging
- remove duplicate / similar logging functions
- logging to stderrlog or file
- Cleanup debug log messages that serve no good purpose anymore
- openwrt build / patched to upstream including all architectures
- logging groups too many and not used
- time data structures and complexity
- addconn thread work being done inline in pluto
- microstates
- compile without ikev1 support
- remove biddown ikev1/ikev2
- conn being ikev1 or ikev2 not both.
- shunks, chunks and other strings.
- pluto interface / ip discovery (bind to ANY)
- howto IKEv2 proplsals properly with existing
- enduser usability - simpler interface. (eg type=profile)
- compress for IKEv2 is broken
- simpler command tool / what to do whack / auto
- webgui discussion
- explain LSWLOG / LSWDEBUGLOG
- EAP-TLS and EAP-mschapv2 architecture, design external or internal
- XAUTH payload padding and Checkpoint
- IKEv1 duplicate messages
- IPv6 addresspool
- VTI and/or XFRMi support and obsoleting VTI or not
- Talk about Test Suite improvements
- teardown case for tests
- Storing packets for multiple exchanges at once to support simultanious exchange
- cleanup msgid to not require so many ntoh() / hton()
- Using reqid from ACQUIRE to improve find_host_connection
- split IKE_INIT from connection ???
- IKE_AUTH traffic selector mismatch handling
- MULTIPLE_AUTH / EAP support
- childless IKE SA
- Bug reporting github vs other
- Known issues file ?
- Introducing travis ?
- Introducing Coverity
- Website redo ? more HOWTO docs?
- phase out asn1.h
- merge in IKE_REDIRECT
- merge in TCP support
- XFRM bogus policy bug
- Function names ikev2_* to v2_*
- add ipsec auto/whack command that does parent-rekey and child-rekey
(can be used for hardwarefailover when IKE state is synced between nodes(