1NSCA-ng Task List 2================= 3 4The to-do items are listed in no particular order. 5 6Wish List Items for NSCA-ng 7--------------------------- 8 9- Let the server support command authorization based on host and service 10 groups. This requires the server to actually parse the submitted 11 commands, as oppposed to simply matching them against the user-supplied 12 regular expressions. 13 14- Let the server support a `clients` or `sources` directive that allows the 15 user to specify one or more subnets (globally and/or per-client). 16 Connections from source addresses outside these subnets should be 17 rejected. 18 19- Let the server support proxying of (selected or all) data (with `forward` 20 blocks in the configuration, for example). 21 22- Support requests for status and configuration data in order to provide a 23 full-blown remote API. 24 25- Let the client execute standard Nagios plugins directly (as an alternative 26 to using a script such as `contrib/invoke_check`), and maybe provide a 27 daemon mode with poor man's check scheduling (i.e., add `check_interval` 28 and `retry_interval` directives to the client configuration). 29 30- If the server is not available, let the client queue commands and results 31 using local storage and submit them as soon as the server comes up again. 32 33- Let the client talk to multiple servers. 34 35- Port the client to Microsoft Windows. 36 37- Create a client library with Perl (and maybe Python) bindings. 38 39Wish List Items for OpenSSL 40--------------------------- 41 42- Add IPv6 support to OpenSSL's `BIO_s_connect(3)` API, so that the client 43 can use IPv6. (The server supports IPv6 already.) There's a [ticket][1] 44 with a patch in OpenSSL's tracker, and a related [discussion][2] on the 45 OpenSSL development mailing list. 46 47- Support NULL encryption TLS-PSK cipher suites as defined in [RFC 4785][3]. 48 This should make it easier to use tools such as `tcpdump(8)` for debugging 49 NSCA-ng sessions. There's an [older][4] and a [newer][5] patch in 50 OpenSSL's tracker. 51 52- Support SHA-256/384 (and GCM) TLS-PSK cipher suites as per [RFC 5487][6]. 53 Someone [played around with this][7] already. 54 55[1]: http://rt.openssl.org/Ticket/Display.html?id=1365 56[2]: http://thread.gmane.org/gmane.comp.encryption.openssl.devel/11207 57[3]: http://tools.ietf.org/html/rfc4785 58[4]: http://rt.openssl.org/Ticket/Display.html?id=1886 59[5]: http://rt.openssl.org/Ticket/Display.html?id=2299 60[6]: http://tools.ietf.org/html/rfc5487 61[7]: http://permalink.gmane.org/gmane.comp.encryption.openssl.user/44388 62 63<!-- vim:set filetype=markdown textwidth=76 joinspaces: --> 64