TODO.npf revision 1.1
Another TODO list is available here:

	https://www.netbsd.org/~rmind/npf/__tasklist.html

====== DOCUMENTATION ======

-- how to convert other packet filters to npf

-- add more examples

====== NPFCTL ======

-- npfctl start does not load the configuration if not loaded.
   It is not clear you need to reload first. Or if it loads it should
   print the error messages. Or it should be called enable/disable since
   this is what it does. It does not "start" because like an engine with
   no fuel, an npf with no configuration does not do much.

-- npf starts up too late (after traffic can go through)

-- although the framework checks the file for consistency, returning EINVAL
   for system failures is probably not good enough. For example if a module
   failed to autoload, it is probably an error and it should be reported
   differently?

-- startup/stop script does not load and save session state

-- add algo for "with short"

-- implement "port-unr"

-- implement block return-icmp in log final all with ipopts

-- handle array variables in more places

====== GENERAL ======

-- disable IPv4 options by default, and add an "allow-ip4opts" feature to
   enable them

-- disable IPv6 options (IPPROTO_ROUTING, IPPROTO_HOPOPTS and IPPROTO_DSTOPTS)
   by default, and add an "allow-ip6opts" feature to enable them

-- add an ioctl, similar to PF's DIOCNATLOOK and IPF's SIOCGNATL, and document
   it so that it can be added in third-party software, like:
       https://github.com/squid-cache/squid/blob/5b74111aff8948e869959113241adada0cd488c2/src/ip/Intercept.cc#L263