[Openswan dev] Openswan TODO List

Ken Bantoft ken at xelerance.com
Wed Apr 28 07:26:34 CEST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


A number of people have expressed interest in helping out on the Openswan 
project, but aren't sure where to start.  Other than the Roadmap, (posted 
@ http://www.openswan.org/development/roadmap.php), we haven't been 
maintaining a public TODO list for the project.

I'm going to dump my TODO list here.

Software Development
- --------------------

Please work off of CVS HEAD if you want quick commiting of your patches.  
See http://www.openswan.org/development/cvs.php for checkout directions.


1) Merge X.509 1.5.x patches.  

I have diffs between the various versions in steps so this is simpler:

http://www.openswan.org/development/patchqueue/1.*.diff

We need to merge these in steps, but these patches need to be adjusted 
before they will apply to Openswan 2.  This will add the OSCP and 
leftprotoport=%any features.

2) IPsec Starter Integration

Based on Arkoon's code, Michael ported it up to 2.x, and then merged it.
It currently compiles, but is non-functional.  It lives in
programs/starter.  We need to add the new Openswan config parameters
support to it, so it understands things like leftsourceip, xauth, dpd,
x509, esp/ike, etc...

3) Adding setkey functionality to pluto

Currently, we call setkey to reset the SPD on pluto startup.  We should 
integrate what pieces of code are needed directly into pluto.  Email 
paul at xelerance.com, as he started some work on this awhile ago.

4) Test cases

We're constantly adding testcases (we're over 150 now) for Openswan that 
run under UML (User Mode Linux) for a complete regression test.  This 
ensures that some changes don't create big problems.  However, we don't 
have tests for every feature combination available, and these would be 
welcome, espcially more tests with NAT-Traversal.  See Testing section for 
more details on how to go about doing this.


5) Adding Kernel 2.6 to the UML test suite

Currently we're only testing 2.4 kernel builds in the UML test harness.  
We need to add Kernel 2.6 - some bits are already there, but much works 
needs to be done to build some sort of systems to run say, all of the 
pluto tests on both kernels.  Talk to mcr at xelerance.com about this.

Documentation
- -------------

1) New Feature Documentation

We've been writing bits of new docs on the Wiki, @
http://wiki.openswan.org.  We need to take the README.* files, and convert
them into decent documentation, with config examples.

2) Source Code Documentation

I've setup the tree for Doxygen use (doxygen doc/doxygen.cfg to build your 
own source-code docs, or view online @ http://www.openswan.org/development/docs/html

I've only just started to put C comments into the correct format, and
primarily on the most recent code (xauth.c, whacklib.c, programs/starter/*.c)

3) Interop Documentation

Almost everyone uses Openswan to talk to something other than Openswan, so 
we'd like to collect updated configs (both sides!) for as many devices as 
possible, and put them into a standard document format.

Testing
- -------

1) UML based testing

Anyone doing development, especially of new features should be using the 
UML test harness to automatically do thier testing. 
http://wiki.openswan.org/index.php/UMLTesting contains an updated document 
on how to set this up.  If you find problems in the doc, please take a 
moment to update the Wiki.

2) Real Life Testing

We're working on setting up some dedicated IPsec end-points so others can 
test against remotely.

3) Kernel 2.6 (and RHEL 2.4 w/IPsec backport Testing

Not all features on 2.6 work, or have even been tested.  We know a few 
things are broken - http://wiki.openswan.org/index.php/2.6KnownIssues is 
where the known issues are tracked.






- -- 
Ken Bantoft			Openswan Release Manager
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAjzJ9PiOgilmwgkgRAimFAKDW/F4onCbrk6IBwEdHoEoGSe2wFwCeL0QC
Ls0pgBiZuXVGdacEgofTdzE=
=7zbR
-----END PGP SIGNATURE-----

More information about the Dev mailing list