This is the main todo org mode file for the fwknop project
This bucket is for completed tasks.
Add a check to ensure that active and expire sets are not the same value in fwknopd.conf, and add a corresponding test in the test suite. Make the fwknop-2.0.2 release. Make the fwknop-2.0.3 release.- The current ‘make install’ behavior overwrites any existing fwknopd config
files from a previous installation.
- Updated to install fwknopd.conf -> /etc/fwknop/fwknopd.conf.inst if the fwknopd.conf file already exists, and similarly for the access.conf file.
Currently fwknopd does not do a check to ensure that the active set is enabled at init time (‘ipfw set enable 1’).
None of the ipfw variables are currently documented in the fwknopd man page.
Use assert() to validate expected values wherever possible.
fwknopd can benefit from upstart management and monitoring on Ubuntu systems.
Hank Leininger suggested that the main access.conf file have an option to include other files in which access stanzas can be specified. This makes it easy to wrap additional controls around access information particularly in multi-user environments.
When creating a release tarball under ‘make dist’, the test suite performs a check for existing lib/ directory even under –enable-recompile.
Add a series of patches to the fwknop client that break how it produces SPA data in subtle ways in order to ensure proper validation by fwknopd.
The test suite should have the ability to test backwards compatibility between fwknop versions.
Although there is currently a functioning web proxy that can serve as a UI via a browser, it would be nice to have native GNOME and KDE GUI wrappers for the fwknop client.
Extend Windows support with VB and/or C# class wrappers around the libfko.dll
Perl and Python bindings already exist for libfko, so add Ruby to this list as well.
The client currently sends an SPA packet when an encryption key is requested but the user tries to exit out with Ctrl-C.
There needs to be a way to easily disable libgpgme usage even if it is installed - this could be done with a new –disablegpg argument to the configure script.