Diffstat (limited to 'Source/doc')
-rw-r--r-- | Source/doc/Architecture.txt | 56
-rw-r--r-- | Source/doc/Known-bugs.txt | 6
-rw-r--r-- | Source/doc/Todo-list.txt | 49
3 files changed, 0 insertions, 111 deletions
diff --git a/Source/doc/Architecture.txt b/Source/doc/Architecture.txt deleted file mode 100644 index 14b99274c..000000000 --- a/Source/doc/Architecture.txt +++ /dev/null 
@@ -1,56 +0,0 @@ -/** @mainpage - -@section design strongSwans overall design - -IKEv1 and IKEv2 is handled in different keying daemons. The ole IKEv1 stuff is -completely handled in pluto, as it was all the times. IKEv2 is handled in the -new keying daemon, which is called #charon. -Daemon control is done over unix sockets. Pluto uses whack, as it did for years. -Charon uses another socket interface, called stroke. Stroke uses another -format as whack and therefore is not compatible to whack. The starter utility, -wich does fast configuration parsing, speaks both the protocols, whack and -stroke. It also handles daemon startup and termination. -Pluto uses starter for some commands, for other it uses the whack utility. To be -as close to pluto as possible, charon has the same split up of commands to -starter and stroke. All commands are wrapped together in the ipsec script, which -allows transparent control of both daemons. -@verbatim - - +-----------------------------------------+ - | ipsec | - +-----+--------------+---------------+----+ - | | | - | | | - | +-----+-----+ | - +-----+----+ | | +-----+----+ - | | | starter | | | - | stroke | | | | whack | - | | +---+--+----+ | | - +------+---+ | | +--+-------+ - | | | | - +---+------+ | | +------+--+ - | | | | | | - | charon +----+ +----+ pluto | - | | | | - +-----+----+ +----+----+ - | | - +-----+----+ | - | LSF | | - +-----+----+ | - | | - +-----+----+ +----+----+ - | RAW Sock | | UDP/500 | - +----------+ +---------+ - -@endverbatim -Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port -500. Under Linux, there is no clean way to set up two sockets at the same port. -To reslove this problem, charon uses a RAW socket, as they are used in network -sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2 -traffic. Pluto receives any IKE message, independant of charons behavior. -Therefore plutos behavior is changed to discard any IKEv2 traffic silently. 
- -To gain some reusability of the code, generic crypto and utility functions are -separeted in a shared library, libstrongswan. - -*/
\ No newline at end of file diff --git a/Source/doc/Known-bugs.txt b/Source/doc/Known-bugs.txt deleted file mode 100644 index 3f594ad79..000000000 --- a/Source/doc/Known-bugs.txt +++ /dev/null @@ -1,6 +0,0 @@ - Known bugs in charon -====================== - -- intiating the same connection twice makes trouble -- leak_detective gets confused from libpthread (invalid frees) -- installing to many SAs in the kernel at the same time causes troubles. Threading issue? diff --git a/Source/doc/Todo-list.txt b/Source/doc/Todo-list.txt deleted file mode 100644 index 11b30fb7d..000000000 --- a/Source/doc/Todo-list.txt +++ /dev/null @@ -1,49 +0,0 @@ - Todo-List for charon -====================== - -+ = done, / = partial, - = todo, ordered by priority - - -+ private key loading: der, without passphrase -+ load all private keys from ipsec.d/private/ in stroke.c -+ handle leftcert and rightcert in starterstroke.c/stroke.c -+ load specified certs in stroke.c -+ extract public keys from certs -+ public key authentication -+ release for Andreas - -+ stroke loglevels -+ stroke up -+ ike_sa_manager checkout_by_hosts -+ stroke down -+ stroke output redirection -+ stroke status - -+ libx509 - + new charon build - libstrong? - + transforms - + utils (plus host) - + logger_manager instance in lib - + leak detective usable for charon and pluto and anything else - + integrate asn1 parser/oid (asn1/oid) - + integrate basic PEM loading - + port x509 stuff - -+ doxygen cleanup (charon/lib) - -/ useable certificate support - + more id types (use atodn from pluto) - + rewrite certificate storage the clean way - - further subjectAltName support - - certificate validation/chaining - - certificate exchange - -- implement 3DES to load encrypted pem files -- ipsec.secrets parsing - -- trapping -- delete notify, when to send? -- notifys on connection setup failure -- create child sa message/rekeying - -- new build environment (autotools?) |
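Review bot: The closing paragraphs of the deleted Source/doc/Architecture.txt (the doxygen @mainpage) are the only text in this diff that explains why charon receives on a RAW socket behind a Linux Socket Filter and why pluto was changed to silently discard IKEv2 traffic on UDP port 500. The diffstat shown is limited to Source/doc and has 0 insertions, so please say in the commit message where this text now lives, or keep the UDP/500 paragraph next to the socket code, since anyone auditing the receive path needs to know that the filter is what drops non-IKEv2 packets before charon sees them.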
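Review bot: All three entries removed with Source/doc/Known-bugs.txt read as open problems, and two of them ("leak_detective gets confused from libpthread (invalid frees)" and the SA installation entry ending in "Threading issue?") describe memory and concurrency behaviour that the file itself leaves undiagnosed. Nothing in the visible hunk marks them fixed, so please state whether they were resolved or moved to another tracker before the file is dropped.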
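Review bot: In Source/doc/Todo-list.txt the block under "/ useable certificate support" still lists "certificate validation/chaining" and "certificate exchange" as "-" (todo) while "public key authentication" is marked done, and that record is lost with this deletion. Please carry the open items over to wherever the list moves, or note in the commit message that certificate validation is not yet implemented, so the limitation stays visible to anyone relying on certificate-based authentication.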