This is actually Henry's to-do file, which covers more than just the
utilities, but had to go somewhere...

(H = high, M = medium, L = low, list otherwise unordered)

H  untangle the unnecessary generality in plutorun
H  should left=%defaultroute be available without interfaces=%defaultroute?
H  change config default to m
H  overridemtu=%calculate ?
H  do something to warn of changes to ipsec.conf boilerplate?
H  how to handle /usr/src/linux-2.4
H  precise reporting of unknown chars in base64 (etc.) keys
H  use metric trickery to do atomic route updates?
H  do something about the IPSEC EVENT message
H  chkconfig, maybe even startup, in RPM install
H  install the docs in /usr/local/doc, beware referenced files
H  malformed public keys are reported very mysteriously
H  manual and auto should verify ipsec running before proceeding
H  --reversemap option for showhostkey (look up name?)
H  key identifiers
H  proxy ARP support??
H  base64 decoder should (at least optionally) skip white space
H  prepluto should be synchronous
H  double startup message
H  better support for interface-flap restart
H  test & set up module-only installs
H  severity tagging for messages
H  ipchains setup
H  FreeS/WAN version number into manpages, C programs
H  non-interactive version of ogo
H  shell minimization in new setup stuff
H  patcher vs. config files
H  sort out rp_filter business
H  updown manpage, incl. suggesting location for custom one
H  ipsec_setup determine and note appropriate log files
H  showhostkey --list
H  option to copy files into kernel instead of symlinking?  aids packaging
H  updown hooks for shunts
H  ranbits, rsasigkey check availability of bits before asking for them
H  library function for mapping syslog name to number
H  "/usr/local" should be a macro defined in top-level Makefile only
H  terminology standard for docs
H  ttoaddr, ttosubnet variants which refer DNS back to caller
H  some way to check success of xconfig etc.?
H  setup should call "updown init"
H  sysctl.conf need any attention?
H  sweep logs and startup messages for unnecessary/incorrect/debugging crud
H  another look at the DESTDIR stuff, use makefile include
H  experiment with tncfg -- no need to tear all down when interfaces change?
H  auto vs. whack error messages, non-error output too
H  showroute command to postprocess auto --status?
H  rsasigkey (optionally?) generate SPKI format, RFC 2459, also RFC 2440?
H  revise look output format for compactness
H  gnats -- include send-freeswan-pr in dist, SH docs
H  SuSE etc.
H  plutoadd is N^2, too slow for large numbers of connections
H  make check
H  general manpages (ipsec? klips?) and refs to same (incl bugs)
H  investigate cross-compiles
H  general name/address mapping for manual (shell utilities for atosubnet etc.)
H  rethink syslog locations, esp. info and debug
H  snapshot notices to whole team
H  way to bring one interface up or down?

M  snapshot naming to match candidate naming
M  network restart should cause ipsec restart
M  cert build and extract utilities
M  save and replace existing routes?
M  auto-unroute option?
M  tar files should have files owned by bin/bin (1/1), not freeswan/freeswan
M  startup very slow when DNS is unavailable
M  basic regression testing (hooks needed in Klips and Pluto?)
M  ifconfig, etc. mods to use our syntaxes
M  way to force renegotiation of all connections

L  audit Klips code for magic numbers, inline, etc.
L  more thorough regression testing, full functionality, corner cases
L  examples in manpages
L  do daemons need to auto-restart on death?

2.x  drop spibase from conf file and manual
2.x  get rid of the obsolete-syntax provisions in manual and auto
2.x  revise defaults

This file is RCSID $Id: TODO,v 1.118 2002/03/01 22:18:19 henry Exp $
