TODO.npf revision 1.2.2.2 (pgoyette)

Another TODO list is available here:

   https://www.netbsd.org/~rmind/npf/__tasklist.html

====== DOCUMENTATION ======

-- how to convert other packet filters to npf

-- add more examples

====== NPFCTL ======

-- npfctl start does not load the configuration if not loaded.
   It is not clear you need to reload first. Or if it loads it should
   print the error messages. Or it should be called enable/disable since
   this is what it does. It does not "start" because like an engine with
   no fuel, an npf with no configuration does not do much.

-- npf starts up too late (after traffic can go through)

-- although the framework checks the file for consistency, returning EINVAL
   for system failures is probably not good enough. For example if a module
   failed to autoload, it is probably an error and it should be reported
   differently?

-- startup/stop script does not load and save session state

-- add algo for "with short"

-- implement "port-unr"

-- implement block return-icmp in log final all with ipopts

-- handle array variables in more places

====== GENERAL ======

-- disable IPv4 options by default, and add an "allow-ip4opts" feature to
   enable them

-- disable IPv6 options (IPPROTO_ROUTING, IPPROTO_HOPOPTS and IPPROTO_DSTOPTS)
   by default, and add an "allow-ip6opts" feature to enable them

-- add an ioctl, similar to PF's DIOCNATLOOK and IPF's SIOCGNATL, and document
   it so that it can be added in third-party software, like:
   https://github.com/squid-cache/squid/blob/5b74111aff8948e869959113241adada0cd488c2/src/ip/Intercept.cc#L263

-- support IPv6 jumbograms

-- support large IPv6 options, as explained here:
   http://mail-index.netbsd.org/tech-net/2018/04/08/msg006786.html
   But it's not a big problem - perhaps we don't care at all.
53