TODO

TODO List for netfilter / iptables. 
Currently maintained by Harald Welte <laforge@gnumonks.org>

Please inform me, if you want to work on any of the TODO items, so I
can update this list and thus prevent two people doing the same work.

CVS ID: $Id: TODO,v 1.69 2003/01/14 21:21:11 laforge Exp $

IMPORTANT issues:
- erroneously too-fast dropped conntrack for half-open TCP connections [JK]
X wrong 'Out of window' error message from tcp-windowtracking [JK]
- --mac-source not working in FORWARD (manpage bug?) [BZ]
X update manpages to include recently submitted extensions [BZ]
- locally bound udp port can still be used for MASQ/SNAT [BZ]
X fix for ICMP DNAT info leak
- unaligned access of nulldevname during string match [BZ]
- update documentation to reflect newnat
- ip6_tables not working on ultrasparc [BZ]
  (20020912155314.GA20741@paradigm.rfc822.org) 

TO BE INVESTIGATED:
- packet counters on sparc64 platform [BZ]
- ip_conntrack rmmod loop (sometimes, Yan's patch?)
- conntrack helper not called for first packet (udp!)
- different behaviour for first packet towards an l2-unresolved ip?

NICE to have:
- endianness wrt. unnamed initializers in conntrack helpers after 
  pptp-patch applied
X make RPC conntrack work again
- multicast connection tracking
- sysctl support for ftp-multi, irc-conntrack/nat, ftp-fxp [BZ]
X integrate HOPLIMIT for ipv6 in patch-o-matic [HW]
X u32 classifier (port from tc -> iptables) [YU]
- port conntrack to IPv6 (code reuse?) [BC]
- ip_nat_ident module [BZ]
- make iptables / ip6tables use the same codebase (as libiptc) [KA]
- libipq reentrancy [JM]
- compiling without O2 issue [BZ]
- libipq runtime version, do before 1.2.5 [JM]
- add ICMP type-3-code-13 option to REJECT [BZ]
X export list of matches/targets via proc-fs [BZ]
X ip6tables mangle needs 'route_me_harder' equivalent [BZ]

FUTURE extensions:
- dealing with fragmented expectation-causes (i.e. DCC chat split
  over two packets, etc.)
- conntrack / nat failover [HW]
- brainstorming about 2.5 conntrack code
- netlink interface for conntrack manipulation from userspace [HW]
- unified nfnetlink for queue,ulog,conntrack (and more?) (2.5 issue)

Userspace queuing for 2.5:
- Integration with nfnetlink.
- Multiple queues per protocol.
- Netlink broadcast support.
- Allow multiple reader/writers in userspace.
- How to handle multiple protocols (e.g. use separate queue handlers
  or a multiplexer like ipqmpd).
- Peformance improvements: multipart messages, mmaped socket (possibly).
- Simplify queuing logic, which is quite ugly at the moment. (BC suggested
  removing logic from kernel).
- Allow userspace to set nfmark.
- Allow userspace to set queue length etc.
- Possibly pass conntrack/NAT info to userspace with packet.

======================================================================
[BC]	Brad Chapman <kakadu_croc@yahoo.com>
[HW]	Harald Welte <laforge@gnumonks.org>
[JK]	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
[JM]	James Morris <jmorris@intercode.com.au>
[KA]	Kiz-Szabo Andras <kisza@sch.bme.hu>
[MB]	Marc Boucher <marc@mbsi.ca>
[RR]	Paul 'Rusty' Russel <rusty@rustcorp.com.au>
[YU]	Yon Uriarte <ukl2@rz.uni-karlsruhe.de>
[BZ]	Included in Bugzilla System