Background
==========

- Priority scale: High, Medium and Low

- Complexity scale: C1, C2, C4 and C8.
   The complexity scale is exponential, with complexity 1 being the
   lowest complexity. Complexity is a function of both task 'complexity'
   and task 'scope'.


Core
====

- Personal firewall

   Priority: Low
   Complexity: C8

   Discuss and implement a basic and safe firewalling strategy in
   ConnMan. Provide a D-Bus API for personal firewalling.


- PACRunner extensions

   Priority: Low
   Complexity: C4

   Support more URI schemes, support multiple connections, tighter
   security integration.


- Check logging produced by connman_info()

   Priority: Medium
   Complexity: C1

   Check that logging produced by connman_info() contains meaningful messages
   and get rid of the unnecessary ones.


- Remove --nobacktrace option

   Priority: Medium
   Complexity: C1
   When: 2.0

   Remove the --nobacktrace option or change it to --backtrace depending on
   the level of systemd integration or other factors.


- Clean up data structure usage

   Priority: Medium
   Complexity: C4

   Use hash tables, queues and lists in the code. Check on the currently used
   data structures and see if something can be simplified.


- Unit tests for DHCP, DNS and HTTP

   Priority: Low
   Complexity: C4

   Create unit tests for these components, starting with DHCP. Use gtest
   from GLib for this task, similarly to what has been done for OBEX in BlueZ
   and oFono in general.


- Support other time sources than NTP

   Priority: Low
   Complexity: C2

   Support other time sources, such as cellular and GPS, in addition to NTP.


- Get interface names from src/device.c

   Priority: Low
   Complexity: C2

   Instead of using ioctls in connman_inet_ifindex and connman_inet_ifname,
   utilize the information already provided by netlink in src/device.c.


- Support D-Bus ObjectManager

   Priority: Medium
   Complexity: C4

   Support D-Bus ObjectManager by using functionality already present in
   ./gdbus. Method calls and signals are already registered with gdbus, but
   properties and replies especially in Agent are still handled with plain
   dbus library function calls.

   With this, Manager API is removed, and a WiFi P2P API based on
   ObjectManager common to Linux desktops can be implemented.


Tethering
=========

- Verify if bridge has been correctly created and configured

   Priority: Low
   Complexity: C1

   When enabling tethering, check whether any error occurred while creating
   and configuring the bridge before continuing. This has been done only for
   the WiFi technology; for other tethering technologies it should be
   evaluated and implemented in case it is advantageous.


WiFi
====

- Clean up WiFi data structure usage

   Priority: Medium
   Complexity: C2

   Struct wifi_data is passed as a pointer in some of the wifi plugin
   callbacks. For example, removing a WiFi USB stick causes RTNL and
   wpa_supplicant to call the wifi plugin at the same time, causing the
   freeing of the wifi data structure. Fix up the code to have proper
   reference counting or other handling in place for the shared wifi data
   and the members in the data structure.


- EAP-AKA/SIM

   Priority: Medium
   Complexity: C2

   This EAP is needed for SIM card based network authentication.
   ConnMan here plays a minor role: once wpa_supplicant is set up for
   starting an EAP-AKA/SIM authentication, it will talk to a SIM card
   through its pcsc-lite API.


- EAP-FAST

   Priority: Low
   Complexity: C1


- Removing wpa_supplicant 0.7.x legacy support

   Priority: Low
   Complexity: C1

   Remove the global country property setter in gsupplicant, and remove
   wifi's technology set_regdom implementation. Remove the autoscan fallback.
   (Note: should be done around the end of 2012)
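
The reference counting proposed in the "Clean up WiFi data structure usage" item above, as an added example that is not ConnMan's own code. The struct fields, the names wifi_data_ref(), wifi_data_unref() and removal_cb(), and a single-threaded main loop (so a plain int counter suffices) are assumptions made for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the plugin's struct wifi_data (fields assumed). */
struct wifi_data {
	int refcount;
	int ifindex;
};

static int free_calls;	/* example instrumentation: counts real frees */

static void wifi_data_ref(struct wifi_data *wifi)
{
	wifi->refcount++;
}

static void wifi_data_unref(struct wifi_data *wifi)
{
	if (!wifi || --wifi->refcount > 0)
		return;		/* someone else still uses it */
	free(wifi);
	free_calls++;
}

/* Removal callback: use the data, then drop the reference it was given. */
static int removal_cb(void *user_data)
{
	struct wifi_data *wifi = user_data;
	int ifindex = wifi->ifindex;	/* valid: this callback holds a ref */
	wifi_data_unref(wifi);
	return ifindex;
}

/* Constructed scenario: both removal paths fire for the same device. */
int simulate_removal(void)
{
	struct wifi_data *wifi = calloc(1, sizeof(*wifi));
	if (!wifi)
		return -1;
	wifi->ifindex = 7;
	wifi->refcount = 1;	/* the plugin's own reference */
	free_calls = 0;
	wifi_data_ref(wifi);	/* held by the RTNL removal path */
	wifi_data_ref(wifi);	/* held by the supplicant removal path */
	wifi_data_unref(wifi);	/* plugin lets go first; object survives */
	int seen = removal_cb(wifi);
	seen += removal_cb(wifi);	/* last reference: freed here, once */
	return (seen == 14 && free_calls == 1) ? 0 : -1;
}

int main(void) { return simulate_removal(); }
```

Whichever path runs last performs the only free, so neither callback dereferences released memory and the structure is never freed twice.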


Bluetooth
=========


Cellular
========


VPN
===

- IPsec

   Priority: Medium
   Complexity: C4


- L2TP & PPTP compatibility prefix removal

   Priority: Medium
   Complexity: C1
   When: connman 2.0

   The VPN config file provisioning patchset contains code that marks
   PPP options with a "PPPD." prefix. The code also supports the old
   "L2TP." and "PPTP." prefixes for PPP options. Remove the compatibility
   code and only allow the "PPPD." prefix for PPP options.


- Update VPNC and OpenVPN with Agent support

   Priority: Medium
   Complexity: C2

   Update VPNC and OpenVPN with VPN Agent support to request possible user
   ids and passphrases.


- Change OpenConnect plugin to use libopenconnect

   Priority: Medium
   Complexity: C4

   The current implementation of OpenConnect uses screen scraping and
   interactive mode for accepting self-signed certificates and reacting to
   PKCS passphrase requests. This should be replaced with libopenconnect use.
   It may be worthwhile to attempt to replace the whole authentication with
   the use of openconnect_obtain_cookie() whatever authentication type is
   used. This would lead to using only the cookie when connecting
   (--cookie-on-stdin) and would clean up the code at run_connect().

   The usage of stdout can be removed as unnecessary. Cookie should be
   retrieved with openconnect_obtain_cookie(). Remove this also from
   connman_task_run().

   Function is_valid_protocol() must use openconnect_get_supported_protocols().
   The static const char *protocols[] would then also be unnecessary.

   Reading stderr with a byte-by-byte approach is to be removed, as are the
   PKCS failures and requests in the stderr IO channel processing.

   The use of the interactive mode toggle is to be removed. Non-interactive
   mode must be used, which leads to using --syslog with each authentication
   type as task arg.

   If the peer certificate cannot be verified by normal means, it is because
   the peer certificate is self-signed, and the user setting
   "AllowSelfSignedCert" has to be used for the verify certificate callback
   reply. The callback for certificate validation must return zero if the user
   has allowed self-signed certificates. In that case, save the SHA1
   fingerprint of the server certificate as is done now; otherwise, indicate
   an error to libopenconnect.

Tools
=====

- Add Clock API support to connmanctl

   Priority: Low
   Complexity: C2

   The connmanctl command line tool should support the Clock API.