From 71da41451212389bea25d67bc5da696b6d194bff Mon Sep 17 00:00:00 2001 From: Othmar Gsenger Date: Sun, 25 May 2008 09:50:42 +0000 Subject: moved keyexchange to http://anytun.org/svn/keyexchange --- keyexchange/isakmpd-20041012/BUGS | 100 -------------------------------------- 1 file changed, 100 deletions(-) delete mode 100644 keyexchange/isakmpd-20041012/BUGS (limited to 'keyexchange/isakmpd-20041012/BUGS') diff --git a/keyexchange/isakmpd-20041012/BUGS b/keyexchange/isakmpd-20041012/BUGS deleted file mode 100644 index 170282c..0000000 --- a/keyexchange/isakmpd-20041012/BUGS +++ /dev/null @@ -1,100 +0,0 @@ -$OpenBSD: BUGS,v 1.14 2002/06/09 08:13:06 todd Exp $ -$EOM: BUGS,v 1.38 2000/02/18 08:47:35 niklas Exp $ - -Until we have a bug-tracking system setup, we might just add bugs to this -file: ------------------------------------------------------------------------------- -* message_drop frees the message, this is sometimes wrong and can cause - duplicate frees, for example when a proposal does not get chosen. [fixed] - -* Notifications should be their own exchanges, otherwise the IV gets - disturbed. [fixed] - -* We need a death timeout on half-ready SAs just like exchanges. At the - moment we leak SAs. - -* When we establish a phase 2 exchange we seem to get the wrong IV set, - according to SSH's logs. [fixed] - -* If a phase 1 SA negotiation terminates with a cause that is to be sent in - a NOTIFY to the peer, we get multiple free calls on the cleanup of the - informational exchange. [fixed] - -* IKE mandates that a HASH should be added to informational exchanges in - phase 2. [fixed] - -* Message_send requires an exchange to exist, and potentially it tries to - encrypt a message multiple times when retransmitting. [fixed] - -* Multiple protocol proposals seems to fail. [fixed] - -* The initiator fails to match the responders choice of protocol suite with - the correct one of its own when several are offered. [fixed] - -* Duplicate specified sections is not detected. [fixed] - -* Quick mode establishments via UI using -P bind-addr gets "Address already in - use". - -* Not chosen proposals should be deleted from the protos list in the sa - structure. [fixed] - -* Setting SPIs generates "Invalid argument" errors due to one tunnel endpoint - being INADDR_ANY. [fixed] - -* ipsec_proto structs are never allocated. [fixed] - -* Remove SPIs of unused proposals. [fixed] - -* If the first proposal is turned down, the initiator gets confused. - -* Renegotiation after a failed phase 1 fails. - -* Phase 1 rekey event removal seems to be done twice. [fixed] - -* PF_ENCAP expirations does not find the proper phase 2 SA to remove. [fixed] - -* ISAKMP SA expirations should have a soft/hard timeout just like IPsec ones. - The soft one should put a watchdog on the SA, and start a renegotiation as - soon as something used the SA. Hard ones should just clean it up, no - renegotiation at all. [fixed] - -* ISAKMP SAs does not get removed after rekeying. [fixed] - -* On-demand PF_ENCAP SAs does not get reestablished. [fixed] - -* Rekeying is now done automatically on expirations, it should not. The - SAs should be brought up on-demand just like the first time. - -* Notifications regarding exchange errors seems to not have the right SPI, - at least not in phase 1, in NO_PROPOSAL_CHOSEN. - -* Outgoing informational exchanges when we use INVALID_PAYLOAD_TYPE - cause a DOI error. - -* In Linux select(2) of named pipes seems broken as they will return as - readable even when nothing is there after one read has succeeded. - -* I have seen INITIAL-CONTACT sent on the second Main Mode. - -* When ID mismatches occur, coredumps may follow, investigate! - -* ESP+AH does not work properly - -* Looping QM seen (due to lost sendpackets from other participant?) - -* Teardown from UI does not remove exchanges. - -* Wrong error message when policy check fails. - -* Restransmit of QM (packet 1) after INFO/PAYLOAD_MALFORMED was received. - -* SIGSEGV after sa_enter: sa added to sa list, trigged by DELETE notify (Linux) - -* Passive connections, undefined local&remote IDs will cause IKE peer IDs - to be used. - -* host route support in KLIPS does not work properly - -* When not having compiled in support for a certain crypto algorithm and - the config file still tells us to propose it, we segfault. -- cgit v1.2.3