TODO

TODO List for netfilter / iptables. 
Currently maintained by Harald Welte <laforge@gnumonks.org>

Please inform me, if you want to work on any of the TODO items, so I
can update this list and thus prevent two people doing the same work.

CVS ID: $Id: TODO,v 1.51 2001/11/24 22:59:16 jamesm Exp $

IMPORTANT issues:
- token ring crashes ??
- solution for nostate / notrack (we don't want to track specific conn's)
- iptables-save/restore problems with log-level
- multiple related connections [HW]
- ip_conntrack rmmod loop (sometimes, Yan's patch?)
- conntrack helper not called for first packet (udp!)
- add support for correct SACK handling [HW]
- erroneously too-fast dropped conntrack for half-open TCP connections [HW]
- mangle table should use all five netfilter hooks [BC]
- wrong 'Out of window' error message from tcp-windowtracking [HW]
- --mac-source not working in FORWARD (manpage bug?)
- netfilter hooks should give error if same function registers twice [HW]
- speed issues (mark_source_chains, Robert Olsson)

NICE to have:
- make RPC conntrack work again
- interface names in ipv6 can contain _ and -
- multicast connection tracking
- sysctl support for ftp-multi, irc-conntrack/nat, ftp-fxp
- integrate HOPLIMIT for ipv6 in patch-o-matic [HW]
- u32 classifier (port from tc -> iptables) [YU]
- MARK match / target with boolean OR / AND (to use nfmark bitwise)
- documentation for libiptc
- port conntrack to IPv6 (code reuse?) [BB]
- make patch-o-matic reversible
- CONFIG_NF_IP_NAT_LOCAL
- fix and test the netfilter bridging stuff
- various NAT performance optimizations possible! (which? ask HW)
- ip_nat_ident module [FM]
- provide daily CVS snapshots via ftp [HW]
- make iptables / ip6tables use the same codebase (as libiptc) [KA]
- REJECT optionally generates port unreachable with faked SOURCE
- libipq reentrancy [JM]
- compiling without O2 issue
- libipq runtime version, do before 1.2.5 [JM]

FUTURE extensions:
- dealing with fragmented expectation-causes (i.e. DCC chat split
  over two packets, etc.)
- conntrack / nat failover [HW]
- brainstorming about 2.5 conntrack code
- netlink interface for conntrack manipulation from userspace [HW]
- unified nfnetlink for queue,ulog,conntrack (and more?) (2.5 issue)

Userspace queuing for 2.5:
- Integration with nfnetlink.
- Multiple queues per protocol.
- Netlink broadcast support.
- Allow multiple reader/writers in userspace.
- How to handle multiple protocols (e.g. use separate queue handlers
  or a multiplexer like ipqmpd).
- Peformance improvements: multipart messages, mmaped socket (possibly).
- Simplify queuing logic, which is quite ugly at the moment. (BC suggested
  removing logic from kernel).
- Allow userspace to set nfmark.
- Allow userspace to set queue length etc.
- Possibly pass conntrack/NAT info to userspace with packet.

======================================================================
[RR]	Paul 'Rusty' Russel <rusty@rustcorp.com.au>
[MB]	Marc Boucher <marc@mbsi.ca>
[JM]	James Morris <jmorris@intercode.com.au>
[HW]	Harald Welte <laforge@gnumonks.org>
[YU]	Yon Uriarte <ukl2@rz.uni-karlsruhe.de>
[RJ]	Jan Rekorajski <baggins@mimuw.edu.pl>
[BB]	Bastian Blank <bastianb@gmx.de>
[FM]	Fabrice Marie <fabrice@celestix.com>
[KA]	Kiz-Szabo Andras <kisza@sch.bme.hu>
[BC]	Brad Chapman <kakadu_croc@yahoo.com>