Module Name:    src
Committed By:   maxv
Date:           Sun Apr  8 08:57:37 UTC 2018

Added Files:
        src/doc: TODO.npf
Removed Files:
        src/usr.sbin/npf/npfctl: todo

Log Message:
Move NPF's todo list into src/doc/TODO.npf, and add some entries. After a
conversation (two months ago) with rmind and sborrill.

To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/doc/TODO.npf
cvs rdiff -u -r1.15 -r0 src/usr.sbin/npf/npfctl/todo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/doc/TODO.npf
diff -u /dev/null src/doc/TODO.npf:1.1
--- /dev/null	Sun Apr  8 08:57:37 2018
+++ src/doc/TODO.npf	Sun Apr  8 08:57:37 2018
@@ -0,0 +1,47 @@
+Another TODO list is available here:
+====== DOCUMENTATION ======
+-- how to convert other packet filters to npf
+-- add more examples
+====== NPFCTL ======
+-- npfctl start does not load the configuration if not loaded.
+   It is not clear you need to reload first. Or if it loads it should
+   print the error messages. Or it should be called enable/disable since
+   this is what it does. It does not "start" because like an engine with
+   no fuel, an npf with no configuration does not do much.
+-- npf starts up too late (after traffic can go through)
+-- although the framework checks the file for consistency, returning EINVAL
+   for system failures is probably not good enough. For example if a module
+   failed to autoload, it is probably an error and it should be reported
+   differently?
+-- startup/stop script does not load and save session state
+-- add algo for "with short"
+-- implement "port-unr"
+-- implement block return-icmp in log final all with ipopts
+-- handle array variables in more places
+====== GENERAL ======
+-- disable IPv4 options by default, and add a "allow-ip4opts" feature to
+   enable them
+   by default, and add a "allow-ip6opts" feature to enable them
+-- add an ioctl, similar to PF's DIOCNATLOOK and IPF's SIOCGNATL, and document
+   it so that it can be added in third-party software, like:

Reply via email to