diff options
author | Martin Willi <martin@strongswan.org> | 2007-03-30 12:49:19 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2007-03-30 12:49:19 +0000 |
commit | ed284399cd504e62e1d2302d514c73378508b58a (patch) | |
tree | 8fca7f6c0c319dd69b5afc578c941c9f7b2ec059 | |
parent | 73390cce24fd9ebc44de1444499bd8427b2c0e46 (diff) | |
download | strongswan-ed284399cd504e62e1d2302d514c73378508b58a.tar.bz2 strongswan-ed284399cd504e62e1d2302d514c73378508b58a.tar.xz |
updated NEWS, TODO
-rw-r--r-- | NEWS | 10 | ||||
-rw-r--r-- | TODO | 11 |
2 files changed, 14 insertions, 7 deletions
@@ -1,3 +1,13 @@ +strongswan-4.1.1 +---------------- + +- Server side cookie support. If to may IKE_SAs are in CONNECTING state, + cookies are enabled and protect against DoS attacks with faked source + addresses. Number of IKE_SAs in CONNECTING state is also limited per + peer address to avoid resource exhaustion. IKE_SA_INIT messages are + compared to properly detect retransmissions and incoming retransmits are + detected even if the IKE_SA is blocked (e.g. doing OCSP fetches). + strongswan-4.1.0 ---------------- @@ -15,10 +15,11 @@ Roadmap 2007 ! Apr ! - PRF in CHILD_SA rekeying ! - configuration managament refactoring - ! - interface in charon for the new SMP management interface + ! - credentials backend redesign + ! - interface in charon for the XML based SMP management interface ! - reimplement IKEv2 p2p NATT support ! - May ! - XML configuration interface + May ! - SMP configuration client ! Jun ! - start with IKEv1 migration strategy ! @@ -47,11 +48,6 @@ Build system - configure flag which allows to ommit vendor id in pluto - reduce printf handlers count to 10, as uClibc does not support more -Denail of service ------------------ -- Cookie support on server -- thread exhaustion (multiple messages to a single IKE_SA) - Certificate support ------------------- - New trustchain mechanism? @@ -70,3 +66,4 @@ Misc ---- - PFS support for creating/rekeying CHILD_SAs - Address pool/backend for virtual IP assignement +- fix iterator->insert_before/after |