[Openswan dev] Openswan TODO List

Paul Wouters paul at xelerance.com
Wed Apr 28 12:34:35 CEST 2004


On Wed, 28 Apr 2004, Ken Bantoft wrote:

> I'm going to dump my TODO list here.

Let me add a few comments here.
 
> 3) Adding setkey functionality to pluto
> 
> Currently, we call setkey to reset the SPD on pluto startup.  We should 
> integrate what pieces of code are needed directly into pluto.  Email 
> paul at xelerance.com, as he started some work on this awhile ago.

The idea here is to try and not include the entire pfkey library from the
KAME/2.6 port, but only those parts we need.

Originally, we only needed to run setkey -F and setkey -F -P to clear the
kernel of all entries. This assumes we don't need all the code for sending
a lot of information (more than one packet) over netlink to the kernel.
However, since our "eroutes" have not been ported to the 2.6 kernel, we are
not also using setkey to display the current policies and SAs (for instance
in ipsec barf, but it could also be added as a replacement for 'ipsec eroute').
This would probably require more of the pfkey library to be present.

If anyone has design or implementation suggestions for this, I'd love to hear
them.

> 3) Interop Documentation
> 
> Almost everyone uses Openswan to talk to something other than Openswan, so 
> we'd like to collect updated configs (both sides!) for as many devices as 
> possible, and put them into a standard document format.

I have the ideas for a stylesheet and standard way of presenting known working
interop configurations. If there is some CSS guru out there who'd like to help
me make the stylesheet and template, we can fill in common configurations for
easy viewing and retrieval for others. This is not limited to interop, but
also includes common openswan-openswan configurations.

Paul 
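
The flush case discussed above, as an added example (not Openswan or pluto code): both requests are header-only PF_KEY v2 messages, so they need only the Linux header <linux/pfkeyv2.h> and none of the pfkey library. It assumes "setkey -F" and "setkey -F -P" correspond to SADB_FLUSH and SADB_X_SPDFLUSH; build_flush and send_flush are illustrative names.

```c
/* Added example, not Openswan code; function names are illustrative. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/pfkeyv2.h>

/* Fill in a flush request. It carries no extension headers, so the whole
 * message is the 16-byte base header (sadb_msg_len counts 64-bit words). */
void build_flush(struct sadb_msg *m, uint8_t type, uint32_t seq)
{
    memset(m, 0, sizeof(*m));
    m->sadb_msg_version = PF_KEY_V2;
    m->sadb_msg_type    = type;               /* SADB_FLUSH or SADB_X_SPDFLUSH */
    m->sadb_msg_satype  = SADB_SATYPE_UNSPEC; /* every SA type */
    m->sadb_msg_len     = sizeof(*m) / 8;
    m->sadb_msg_seq     = seq;
    m->sadb_msg_pid     = (uint32_t)getpid();
}

/* Send one flush and wait for the kernel's reply. Returns 0 on success,
 * -1 on a socket error, or the errno value the kernel reported. */
int send_flush(uint8_t type)
{
    struct sadb_msg req, rep;
    int rc = -1;
    int fd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); /* needs CAP_NET_ADMIN */
    if (fd < 0) return -1;
    build_flush(&req, type, 1);
    if (write(fd, &req, sizeof(req)) != (ssize_t)sizeof(req)) { close(fd); return -1; }
    /* A PF_KEY socket also receives unrelated broadcasts; skip those. */
    while (read(fd, &rep, sizeof(rep)) >= (ssize_t)sizeof(rep))
        if (rep.sadb_msg_pid == req.sadb_msg_pid &&
            rep.sadb_msg_seq == req.sadb_msg_seq) {
            rc = rep.sadb_msg_errno;
            break;
        }
    close(fd);
    return rc;
}

int main(void)
{
    printf("SAD flush: %d\n", send_flush(SADB_FLUSH));
    printf("SPD flush: %d\n", send_flush(SADB_X_SPDFLUSH));
    return 0;
}
```

Displaying policies and SAs is the harder part: the SADB_DUMP and SADB_X_SPDDUMP replies arrive as a series of messages with extension headers that have to be parsed, which this block does not attempt.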