reuse reqid when a ROUTED child_sa gets INSTALLED

fixed a bug in retransmission code added support for the "keyingtries" ipsec.conf parameter added support for the "dpddelay" ipsec.conf parameter done some work for "dpdaction" behavior some other cleanups and fixes
author: Martin Willi <martin@strongswan.org> 2006-09-05 14:07:25 +0000
committer: Martin Willi <martin@strongswan.org> 2006-09-05 14:07:25 +0000
commit: a655f5c09c2ba180b7d393dbdfc8b8057293d9ab (patch)
tree: e645a61c178ebcb932a56f09e4bdcca80b230431 /src/charon/doc
parent: da8ab11e918353293953636abea73f12bf8f956e (diff)
download: strongswan-a655f5c09c2ba180b7d393dbdfc8b8057293d9ab.tar.bz2
strongswan-a655f5c09c2ba180b7d393dbdfc8b8057293d9ab.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/charon/doc/Todo-list.txt b/src/charon/doc/Todo-list.txt
index 10cd2f930..1d21d927e 100644
--- a/src/charon/doc/Todo-list.txt
+++ b/src/charon/doc/Todo-list.txt
@@ -63,9 +63,12 @@
 - configure flag which allows to ommit vendor id in pluto
 - use dpdaction/dpddelay parameters from ipsec.conf
 - ikelifetime should optionally enforce reauthentication
+- cookies/DDoS prevention
 - implement a mechanism against thread exhaustion
   when a blocked IKE_SA receives a lot of messages
 - add a crl fetch mechanism which synchronizes equal fetches
 - add support for CERTREQs
 - use same reqid for routed connections when they are set up
+- if a CHILD_SA gets created, check if it is already ROUTED somewhere:
+  - remove that route and reuse reqid
 - add firewall script support
author	Martin Willi <martin@strongswan.org>	2006-09-05 14:07:25 +0000
committer	Martin Willi <martin@strongswan.org>	2006-09-05 14:07:25 +0000
commit	a655f5c09c2ba180b7d393dbdfc8b8057293d9ab (patch)
tree	e645a61c178ebcb932a56f09e4bdcca80b230431 /src/charon/doc
parent	da8ab11e918353293953636abea73f12bf8f956e (diff)
download	strongswan-a655f5c09c2ba180b7d393dbdfc8b8057293d9ab.tar.bz2 strongswan-a655f5c09c2ba180b7d393dbdfc8b8057293d9ab.tar.xz