$Id: TODO,v 1.43 2002/02/11 14:53:22 jmorris Exp $

Selopt TODO list.

Userspace:
- Flask policy for tools [NAI].
  - merge policies from Wayne Salamon.
- Security context mapping daemon (scmpd).
   - need to test with multiple SIDs per message.
   - allow debug() to be compiled out.
   - bug: pt add name doesn't always insert the correct IP address.
     (e.g. 72.114.166.206/5 for 'hostname' sometimes).
   - control socket, pid file, make a proper daemon
   - consolidate headers
- Documentation:
    - options processing [initial draft done]
    - APIs
    - man pages
- Dissectors for tcpdump and ethereal.
- Library versioning.
- Bug: flmon is reporting 2x perimtab flushes, one for kernel and one for pt.

Kernel:
- Packet queue:
  - Coalesce?  Worst case is the time taken for the first mapping to be 
    returned via scmp compared to how fast the queue is emptied.
  - Bug: observed with pings when one side was not running scmpd, there were 7
    packets in the queue, one more ping sent, and there were 14, then 21 etc.
    This may be an ICMP loop where port unreachables from the remote host are
    generating scmp lookups, and ICMP is not being processed due to queuing.
  - Queue entry expiry, TTLs etc.
- Bug: dependencies don't seem to be working for main kernel object for nsid calls.
- Make sure bogus scmp map responses can't break kernel cache.
- Bug: does not build with modular selinux-obj (new kbuild coming anyway).
- Bug: scmpd local cache doesnt seem to work if selopt asks again for same
  entry (e.g. after reload of module).
- Audit selopt module unload.
- Export inet ksyms (email davem once code is released).
- Handle defragmentation.
- Finer-grained netlink policy.
- Don't allow sockopt/raw/cmsg override of options [should be ok, but needs to be audited].
- More ICMP error reporting for labeling errors.
- ICMP labeling.
- DoS protection.
- TCP resets.
- Handle policy change (local and remote).
- Handle encap & decap hooks.
- Verify syncookies ok.
- Performance improvements: better data structures, reduce lock contention etc.
- Maping cache:
  - Count dropped packets.
  - Handle map invalidation.
  - Garbage collection.
- Extended socket API [NAI].

General:
- Audit sizeof() use to ensure always using object name, not type.
- Per-peer map dumps.
- Implement policy and new checks for labeled networking [NAI].
- Stop systems outside the perimeter from determining if we are using labeling (hard).
- Performance analysis.
- Bind perimeters to local interfaces.
- Iptables match for selopt IP options (?).
