|File: [cvs.NetBSD.org] / src / doc / TODO.npf (download)
Revision 1.7, Wed Apr 10 10:47:23 2019 UTC (18 months, 2 weeks ago) by sevan
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, phil-wifi-20190609, netbsd-9-base, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-9, is-mlppp-base, is-mlppp, HEAD
Changes since 1.6: +0 -2
npf_boot rc script loads npf.boot.conf to address that issue.
Another TODO list is available here:
====== DOCUMENTATION ======
-- how to convert other packet filters to npf
-- add more examples
-- modify the doc of IPF to indicate it is deprecated, and that
NPF should be used instead
====== NPFCTL ======
-- npfctl start does not load the configuration if not loaded.
It is not clear you need to reload first. Or if it loads it should
print the error messages. Or it should be called enable/disable since
this is what it does. It does not "start" because like an engine with
no fuel, an npf with no configuration does not do much.
-- although the framework checks the file for consistency, returning EINVAL
for system failures is probably not good enough. For example if a module
failed to autoload, it is probably an error and it should be reported
-- startup/stop script does not load and save session state
-- add algo for "with short"
-- implement "port-unr"
-- implement block return-icmp in log final all with ipopts
-- handle array variables in more places
====== GENERAL ======
-- disable IPv4 options by default, and add a "allow-ip4opts" feature to
-- disable IPv6 options (IPPROTO_ROUTING, IPPROTO_HOPOPTS and IPPROTO_DSTOPTS)
by default, and add a "allow-ip6opts" feature to enable them
-- add an ioctl, similar to PF's DIOCNATLOOK and IPF's SIOCGNATL, and document
it so that it can be added in third-party software, like:
-- support IPv6 jumbograms
-- support large IPv6 options, as explained here:
But it's not a big problem - perhaps we don't care at all.
-- add command line variables. See -D option in pf.
-- improve mss clamping, as explained here: