File: TODO

package info (click to toggle)
ike-scan 1.7-3
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 4,928 kB
  • ctags: 542
  • sloc: ansic: 5,931; sh: 3,589; makefile: 72
file content (42 lines) | stat: -rw-r--r-- 2,069 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
$Id: TODO,v 1.19 2004/12/22 15:28:37 rsh Exp $

Write a user guide.  The README is getting too long now: a seperate document
with proper formatting is required.  Docbook is one possible option as
this can generate HTML, PDF and other output formats and is an open standard.
Docbook details in docbook-info.txt.  LaTeX is another option - it can generate
HTML and PDF as well.

Write custom packet creation code.  This would allow an arbitary IKE packet
to be created and sent.  The generation rules would be some sort of
specification file as command-line arguments are not flexible enough for this
task.  Probably parse with yacc/lex to avoid having to write C string handling
and pattern matching.  This would override any command-line options that
define the packet such as --aggressive, --auth, --trans, --dhgroup Etc.

Add option for XML output for easier machine readability.

Decode the currently unhandled ID types: ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET,
ID_IPV6_ADDR_RANGE, ID_DER_ASN1_DN, and ID_DER_ASN1_GN (I've never seen these
used though).

Use Token Bucket algorithm for packet transmission to allow higher output
rates, esp. when minimum select() wait is relatively large.

Allow --trans options to be specified as inclusive ranges.  This would add
a host entry for each transform attribute in the range, which could be used
to determine which attributes a server supports.

Add an option to include all known vendor IDs to the outgoing packet.
Suggested by Max Kosmach.  This would require a more complex structure to
hold the vendor IDs as the current one only contains the pattern to match
which cannot simply be used as the outgoing VendorID as it may contain
metacharacters.

Allow a variable number of packets in the UDP backoff pattern.  Some VPN
servers will return different numbers of packets, but still have a unique
pattern.

Add support for Nortel Contivity PSK cracking.  This system uses a non-
standard algorithm for calculating the hash, which is a variant of Mamro's
method.  This support can be merged from the file: psk-crack-nortel.c