TODO.npf revision 1.10
# $NetBSD: TODO.npf,v 1.10 2025/04/17 16:26:36 gdt Exp $

# Meta

## merge rmind@'s TODO

Merge still-to-be-done items from another TODO list, which was last
modified in May 2020:
  https://www.netbsd.org/~rmind/npf/__tasklist.html

## Review all items to see if they are still relevant and correct.

# Documentation

## how to convert other packet filters to npf

## add more examples

# npfctl

## npfctl start does not load

npfctl start does not load the configuration if it is not already loaded.
It is not clear that you need to reload first. Or, if it does load, it
should print the error messages. Or it should be called enable/disable,
since this is what it does. It does not "start" because, like an engine
with no fuel, an npf with no configuration does not do much.

## better error reporting

Although the framework checks the file for consistency, returning
EINVAL for system failures is probably not good enough. For example, if
a module failed to autoload, it is probably an error and it should be
reported differently?

## startup/stop script does not load and save session state

## add algo for "with short"

## implement "port-unr"

## implement block return-icmp in log final all with ipopts

## handle array variables in more places

# General

## disable IPv4 options by default

and add an "allow-ip4opts" feature to enable them

## disable IPv6 options

(IPPROTO_ROUTING, IPPROTO_HOPOPTS and IPPROTO_DSTOPTS) by default, and
add an "allow-ip6opts" feature to enable them

## add an ioctl, similar to PF's DIOCNATLOOK and IPF's SIOCGNATL

Document it so that it can be added to third-party software, like:
   https://github.com/squid-cache/squid/blob/5b74111aff8948e869959113241adada0cd488c2/src/ip/Intercept.cc#L263

## support IPv6 jumbograms

## support large IPv6 options

as explained here:
       http://mail-index.netbsd.org/tech-net/2018/04/08/msg006786.html
But it's not a big problem - perhaps we don't care at all.

## add command line variables.  See -D option in pf.

## improve mss clamping

as explained here:
       http://mail-index.netbsd.org/tech-net/2017/01/15/msg006224.html