TODO.npf revision 1.9

1 1.9 gdt # $NetBSD: TODO.npf,v 1.9 2025/04/13 23:03:03 gdt Exp $
2 1.1 maxv
3 1.9 gdt ====== META ======
4 1.9 gdt
5 1.9 gdt -- Merge still-to-be-done-items from another TODO list which was last
6 1.9 gdt modified in May, 2020:
7 1.1 maxv https://www.netbsd.org/~rmind/npf/__tasklist.html
8 1.1 maxv
9 1.9 gdt -- Review all items to see if they are still relevant and correct.
10 1.9 gdt
11 1.1 maxv ====== DOCUMENTATION ======
12 1.1 maxv
13 1.1 maxv -- how to convert other packet filters to npf
14 1.1 maxv
15 1.1 maxv -- add more examples
16 1.1 maxv
17 1.1 maxv ====== NPFCTL ======
18 1.1 maxv
19 1.1 maxv -- npfctl start does not load the configuration if not loaded.
20 1.1 maxv It is not clear that you need to reload first. Or if it loads it should
21 1.1 maxv print the error messages. Or it should be called enable/disable since
22 1.1 maxv this is what it does. It does not "start" because like an engine with
23 1.1 maxv no fuel, an npf with no configuration does not do much.
24 1.1 maxv
25 1.1 maxv -- although the framework checks the file for consistency, returning EINVAL
26 1.1 maxv for system failures is probably not good enough. For example if a module
27 1.1 maxv failed to autoload, it is probably an error and it should be reported
28 1.1 maxv differently?
29 1.1 maxv
30 1.1 maxv -- startup/stop script does not load and save session state
31 1.1 maxv
32 1.1 maxv -- add algo for "with short"
33 1.1 maxv
34 1.1 maxv -- implement "port-unr"
35 1.1 maxv
36 1.1 maxv -- implement block return-icmp in log final all with ipopts
37 1.1 maxv
38 1.1 maxv -- handle array variables in more places
39 1.1 maxv
40 1.1 maxv ====== GENERAL ======
41 1.1 maxv
42 1.1 maxv -- disable IPv4 options by default, and add an "allow-ip4opts" feature to
43 1.1 maxv enable them
44 1.1 maxv
45 1.1 maxv -- disable IPv6 options (IPPROTO_ROUTING, IPPROTO_HOPOPTS and IPPROTO_DSTOPTS)
46 1.1 maxv by default, and add an "allow-ip6opts" feature to enable them
47 1.1 maxv
48 1.1 maxv -- add an ioctl, similar to PF's DIOCNATLOOK and IPF's SIOCGNATL, and document
49 1.1 maxv it so that it can be added in third-party software, like:
50 1.1 maxv https://github.com/squid-cache/squid/blob/5b74111aff8948e869959113241adada0cd488c2/src/ip/Intercept.cc#L263
51 1.1 maxv
52 1.2 maxv -- support IPv6 jumbograms
53 1.2 maxv
54 1.2 maxv -- support large IPv6 options, as explained here:
55 1.2 maxv http://mail-index.netbsd.org/tech-net/2018/04/08/msg006786.html
56 1.2 maxv But it's not a big problem - perhaps we don't care at all.
57 1.4 darcy
58 1.4 darcy -- add command line variables. See -D option in pf.
59 1.5 sborrill
60 1.5 sborrill -- improve mss clamping, as explained here:
61 1.5 sborrill http://mail-index.netbsd.org/tech-net/2017/01/15/msg006224.html
62