1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
$KAME: TODO,v 1.36 2001/09/19 09:41:39 sakane Exp $
Please send any questions or bug reports to snap-users@kame.net.
TODO list
URGENT
o The documents for users convenience.
o split log file based on client. printf-like config directive, i.e.
"logfile racoon.%s.log", should be useful here.
-> beware of possible security issue, don't use sprintf() directly!
make validation before giving a string to sprintf().
o save decrypted IKE packet in tcpdump format
o IPComp SA with wellknown CPI in CPI field. how to handle it?
o better rekey
MUST
o multiple certificate payload handling.
o To consider the use with certificate infrastructure. PXIX ???
o kmstat should be improved.
o Informational Exchange processing properly.
o require less configuration. phase 2 is easier (as kernel presents racoon
some hints), phase 1 is harder. for example,
- grab phase 2 lifetime and algorith configuration from sadb_comb payloads in
ACQUIRE message.
- give reasonable default behavior when no configuration file is present.
- difficult items:
how to guess a reasonable phase 1 SA lifetime
(hardcoded default? guess from phase 2 lifetime?)
guess what kind of ID payload to use
guess what kind of authentication to be used
guess phase 1 DH group (for aggressive mode, we cannot negotiate it)
guess if we need phase 2 PFS or not (we cannot negotiate it. so
we may need to pick from "no PFS" or "same as phase 1 DH group")
guess how we should negotiate lifetime
(is "strict" a reasonable default?)
guess which mode to use for phase 1 negotiation (is main mode useful?
is base mode popular enough?)
o more acceptable check.
SHOULD
o psk.txt should be a database? (psk.db?) psk_mkdb?
o Dynamically retry to exchange and resend the packet per nodes.
o To make the list of supported algorithm by sadb_supported payload
in the SADB_REGISTER message which happens asynchronously.
o fix the structure of ph2handle.
We can handle the below case.
node A node B
+--------------SA1----------------+
+--------------SA2----------------+
at node A:
kernel
acquire(A-B) ------> ph2handle(A=B) -----> ph1handle
|
policy
A=B
A=B
But we can not handle the below case because there is no x?handle.
node A node B node C
+--------------SA1----------------+
+------------------------------------------------SA2---------------+
at node A:
kernel
acquire(A-C) ---+---> x?handle ---+---> ph2handle(A=B) -------> ph1handle
| | |
acquire(A-B) ---+ policy +---> ph2handle(A=C) -------> ph1handle
A=B
A=C
o consistency of function name.
o deep copy configuration entry to hander. It's easy to reload configuration.
o don't keep to hold keymat values, do it ?
o local address's field in isakmpsa handler must be kicked out to rmconf.
o responder policy and initiator policy should be separated.
o for lifetime and key length, something like this should be useful.
- propose N
- accept between X and Y
o wildcard "accept any proposal" policy should be allowed.
o replay prevention
- limited total number of session
- limited session per peer
- number of proposal
o full support for variable length SPI. quickhack support for IPComp is done.
MAY
o Effective code.
o interaction between IKE/IPsec and socket layer.
at this moment, IKE/IPsec failure is modeled as total packet loss to other
part of network subsystem, including socket layer. this presents the
following behaviors:
- annoyingly long timeouts on tcp connection attempt, and IKE failure;
need to wait till tcp socket timeouts.
- blackhole if there's mismatching SAs.
we may be able to give socket layer some feedback from IKE/IPsec layer.
still not sure if those make sense or not.
for example:
- send PRU_HOSTDEAD to sockets if IKE negotiation failed
(sys/netkey/key.c:key_acquire2)
to do this, we need to remember which ACQUIRE was caused by which socket,
possibly into larval SAs.
- PRU_QUENCH on "no SA found on output"
- kick tcp retransmission timer on first SA establishment
o IKE daemon should handle situations where peer does not run IKE daemon
(UDP port unreach for port 500) better.
should use connected UDP sockets for sending IKE datagrams.
o rate-limit log messages from kernel IPsec errors, like "no SA found".
TO BE TESTED.
o IKE retransmit behavior
see, draft-*-ipsec-rekeying*.txt
o Reboot recovery (peer reboot losing it's security associations)
see, draft-*-ipsec-rekeying*.txt
o Scenarios
- End-to-End transport long lived security associations
(over night, data transfer >1Gb) with frequent dynamic rekey
- End-to-GW tunnel long lived security associations
(over night, data transfer >1Gb) with frequent dynamic rekey
- Policy change events while under SA load
- End-to-End SA through IPsec tunnels, initiation both ways
- Client End-to-End through client-to-GW tunnel SA, initiate from
client for tunnel, then initiation both ways for end-to-end
- Client-to-GW transport SA for secure management
o behavior to receive multiple auth method proposals and AND proposal
and to be written many many.
|
