This is actually Henry's to-do file, which covers more than just the
utilities, but had to go somewhere...

(H = high, M = medium, L = low, list otherwise unordered)

H  ipsec_manual manpage should reference all the subcommands
H  ipsec manpage should corss-reference everything
H  ipsec_proc(5)
H  is the log line in Config.in gone?
H  setup should call "updown init"
H  updown manpage, incl. suggesting location for custom one
H  ipchains setup
H  sysctl.conf
H  fix Configure re-patching for new kernel options
H  sweep logs and startup messages for unnecessary or incorrect crud
H  do something about GMP 3.0 (discontinue providing GMP?)
H  another look at the DESTDIR stuff, use makefile include
H  experiment with tncfg -- no need to tear all down when interfaces change?
H  auto vs. whack error messages, non-error output too
H  manual should do updown invocation
H  showroute command to postprocess auto --status?
H  asynchronous atoaddr, atosubnet -- how?
H  rsasigkey (optionally?) generate SPKI format, RFC 2459, also RFC 2440?
H  chkconfig fake is not quite good enough on Slackware
H  cp -R vs symlinks
H  revise look output format for compactness
H  gnats -- include send-freeswan-pr in dist, SH docs
H  SuSE etc.
H  plutoadd is N^2, too slow for large numbers of connections
H  make check
H  smaller barfs somehow?
H  investigate freeswan.h path problem, library build problems in Klips
H  try to localize all pathnames in top/Makefile
H  general manpages (ipsec? klips?) and refs to same (incl bugs)
H  investigate cross-compiles
H  general name/address mapping for manual (shell utilities for atosubnet etc.)
H  add reverse-lookup option to addrtoa
H  copyright() library function
H  example tunnels to SSH test host, ours?
H  network-byte-struct-handling library functions?
H  time to rename struct inaddr with an eye on V6
H  rethink syslog locations, esp. info and debug
H  snapshot notices to whole team
H  dispense with the klips/src symlink
H  way to bring one interface up or down?
H  there's just got to be a better way to do script logging (C wrapper?)
H  forwardingcontrol ought to save and restore, not overwrite (see sw/denker)

M  turn Opportunism into IETF draft?
M  tar files should have files owned by bin/bin (1/1), not freeswan/freeswan
M  library needs host-in-subnet membership test, in-addr DNS-name generator
M  fix auto=add (etc.) in %default, also=
M  libkernel.a needs some more dependencies
M  document /proc formats
M  startup very slow when DNS is unavailable
M  automatic CHANGES mailer
M  more checking in Makefile (kernel config)
M  basic regression testing (hooks needed in Klips and Pluto?)
M  anything we can do to confirm successful encryption without a snooper host?
M  ifconfig, etc. mods to use our syntaxes
M  way to force renegotiation of all connections
M  cache name-address mapping so we can trust it, fail if it changes
M  tighten security on manual keying, avoiding ps snooping etc.

L  audit Klips code for magic numbers, inline, etc.
L  more thorough regression testing, full functionality, corner cases
L  examples in manpages
L  do daemons need to auto-restart on death?

2.x  drop spibase from conf file and manual
2.x  get rid of the obsolete-syntax provisions in manual and auto
2.x  make keyingtries=0 the default (revise defaults in general)

This file is RCSID $Id: TODO,v 1.72 2000/07/01 19:55:07 henry Exp $