1 files changed, 100 insertions, 0 deletions

diff --git a/keyexchange/isakmpd-20041012/BUGS b/keyexchange/isakmpd-20041012/BUGS
new file mode 100644
index 0000000..170282c
--- /dev/null
+++ b/keyexchange/isakmpd-20041012/BUGS
@@ -0,0 +1,100 @@
+$OpenBSD: BUGS,v 1.14 2002/06/09 08:13:06 todd Exp $
+$EOM: BUGS,v 1.38 2000/02/18 08:47:35 niklas Exp $
+
+Until we have a bug-tracking system setup, we might just add bugs to this
+file:
+------------------------------------------------------------------------------
+* message_drop frees the message, this is sometimes wrong and can cause
+  duplicate frees, for example when a proposal does not get chosen. [fixed]
+
+* Notifications should be their own exchanges, otherwise the IV gets
+  disturbed. [fixed]
+
+* We need a death timeout on half-ready SAs just like exchanges.  At the
+  moment we leak SAs.
+
+* When we establish a phase 2 exchange we seem to get the wrong IV set,
+  according to SSH's logs. [fixed]
+
+* If a phase 1 SA negotiation terminates with a cause that is to be sent in
+  a NOTIFY to the peer, we get multiple free calls on the cleanup of the
+  informational exchange. [fixed]
+
+* IKE mandates that a HASH should be added to informational exchanges in
+  phase 2. [fixed]
+
+* Message_send requires an exchange to exist, and potentially it tries to
+  encrypt a message multiple times when retransmitting. [fixed]
+
+* Multiple protocol proposals seems to fail. [fixed]
+
+* The initiator fails to match the responders choice of protocol suite with
+  the correct one of its own when several are offered. [fixed]
+
+* Duplicate specified sections is not detected. [fixed]
+
+* Quick mode establishments via UI using -P bind-addr gets "Address already in
+  use".
+
+* Not chosen proposals should be deleted from the protos list in the sa
+  structure. [fixed]
+
+* Setting SPIs generates "Invalid argument" errors due to one tunnel endpoint
+  being INADDR_ANY. [fixed]
+
+* ipsec_proto structs are never allocated. [fixed]
+
+* Remove SPIs of unused proposals. [fixed]
+
+* If the first proposal is turned down, the initiator gets confused.
+
+* Renegotiation after a failed phase 1 fails.
+
+* Phase 1 rekey event removal seems to be done twice. [fixed]
+
+* PF_ENCAP expirations does not find the proper phase 2 SA to remove. [fixed]
+
+* ISAKMP SA expirations should have a soft/hard timeout just like IPsec ones.
+  The soft one should put a watchdog on the SA, and start a renegotiation as
+  soon as something used the SA.  Hard ones should just clean it up, no
+  renegotiation at all. [fixed]
+
+* ISAKMP SAs does not get removed after rekeying. [fixed]
+
+* On-demand PF_ENCAP SAs does not get reestablished. [fixed]
+
+* Rekeying is now done automatically on expirations, it should not.  The
+  SAs should be brought up on-demand just like the first time.
+
+* Notifications regarding exchange errors seems to not have the right SPI,
+  at least not in phase 1, in NO_PROPOSAL_CHOSEN.
+
+* Outgoing informational exchanges when we use INVALID_PAYLOAD_TYPE
+  cause a DOI error.
+
+* In Linux select(2) of named pipes seems broken as they will return as
+  readable even when nothing is there after one read has succeeded.
+
+* I have seen INITIAL-CONTACT sent on the second Main Mode.
+
+* When ID mismatches occur, coredumps may follow, investigate!
+
+* ESP+AH does not work properly
+
+* Looping QM seen (due to lost sendpackets from other participant?)
+
+* Teardown from UI does not remove exchanges.
+
+* Wrong error message when policy check fails.
+
+* Restransmit of QM (packet 1) after INFO/PAYLOAD_MALFORMED was received.
+
+* SIGSEGV after sa_enter: sa added to sa list, trigged by DELETE notify (Linux)
+
+* Passive connections, undefined local&remote IDs will cause IKE peer IDs
+  to be used.
+
+* host route support in KLIPS does not work properly
+
+* When not having compiled in support for a certain crypto algorithm and
+  the config file still tells us to propose it, we segfault.