* fwknop tasks
This is the main todo org mode file for the fwknop project

This bucket is for completed tasks.
*** [server] For Ubuntu systems, have fwknopd managed by upstart
:CLOSED: <2012-09-27 Thu>
fwknopd can benefit from upstart management and monitoring on Ubuntu
systems.
- Added the extras/upstart/fwknop.conf file so that standard upstart
  commands like "service fwknop start" can be issued.
*** [server] ipfw active/expire sets cannot be the same
:CLOSED: <2012-08-16 Thu>
Add a check to ensure that active and expire sets are not the same value in
fwknopd.conf, and add a corresponding test in the test suite.
*** Release fwknop-2.0.2
:CLOSED: <2012-08-18 Sat>
Make the fwknop-2.0.2 release.
*** Release fwknop-2.0.3
:CLOSED: <2012-09-03 Mon>
Make the fwknop-2.0.3 release.
*** Update fwknopd man page for GPG_ALLOW_NO_PW
:CLOSED: <2012-08-14 Tue>
*** Preserve existing configs under 'make install'
:CLOSED: <2012-08-13 Mon>
- The current 'make install' behavior overwrites any existing fwknopd config
  files from a previous installation.
- Updated to install fwknopd.conf -> /etc/fwknop/fwknopd.conf.inst if the
  fwknopd.conf file already exists, and similarly for the access.conf
  file.
*** fwknopd iptables comment match detection
:CLOSED: <2012-08-12 Sun>
Hank Leininger suggested that fwknopd do better detection for the iptables
comment match since it is required for the expiration of SPA rules.
*** Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files
:CLOSED: <2012-08-12 Sun>
Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
*** [server] access.c parsing: allow no KEY variable if GPG keys are used.
:CLOSED: <2012-10-02 Tue>
The access.c parsing code currently throws an error if there is no KEY
variable in an access stanza even if GPG_ALLOW_NO_PW is set.
** Add 'enable' to ipfw active set at init time
Currently fwknopd does not do a check to ensure that the active set is
enabled at init time ('ipfw set enable 1').
** Update fwknopd man page to include IPFW* vars
None of the ipfw variables are currently documented in the fwknopd man
page.
** Use assert() in various places
Use assert() to validate expected values wherever possible.
** [server] Include files for access.conf
Hank Leininger suggested that the main access.conf file have an option to
include other files in which access stanzas can be specified. This makes
it easy to wrap additional controls around access information, particularly
in multi-user environments.
** [test suite] Remove lib check for test suite when running in --enable-recompile mode
When creating a release tarball under 'make dist', the test suite performs
a check for an existing lib/ directory even under --enable-recompile.
** [test suite] SPA packet fuzzer
Add a series of patches to the fwknop client that break how it produces SPA
data in subtle ways in order to ensure proper validation by fwknopd.
** [test suite] backwards compatibility tests
The test suite should have the ability to test backwards compatibility
between fwknop versions.
** For Linux/Unix - a GNOME or KDE GUI app for the fwknop client.
Although there is currently a functioning web proxy that can serve as a
UI via a browser, it would be nice to have native GNOME and KDE GUI
wrappers for the fwknop client.
** For Windows - VB and/or C# class wrappers around libfko.dll
Extend Windows support with VB and/or C# class wrappers around
libfko.dll.
** Ruby bindings to libfko
Perl and Python bindings already exist for libfko, so add Ruby to this list
as well.
** [client] Update to not send SPA packet if Ctrl-C is used
The client currently sends an SPA packet when an encryption key is
requested but the user tries to exit out with Ctrl-C.
** Add --disable-gpg arg to the autoconf configure script
There needs to be a way to easily disable libgpgme usage even if it is
installed - this could be done with a new --disable-gpg argument to the
configure script.
** [test suite] client/server only tests
When only the client or server is being installed on a system, the test
suite should be able to run only the relevant tests.
** [server] Add access variable to require particular IPs even when REQUIRE_SOURCE is used
The SOURCE variable only applies to the IP header. Add analogous filtering
for the allow IP that is encrypted within an SPA payload.