NetBSD/usr.sbin/npf/npfctl/todo

-- how to convert other packet filters to npf
-- have a way to use npflog to log packets to syslog
-- have a way to match dropped packets to rules
-- have a way to list the active nat sessions
-- npfctl start does not load the configuration if not loaded.
   It is not clear you need to reload first. Or if it loads it should
   print the error messages. Or it should be called enable/disable since
   this is what it does. It does not "start" because like an engine with
   no fuel, an npf with no configuration does not do much.
-- able to specify interfaces before they are created
-- docs/examples out of date
-- npf starts up too late (after traffic can go through)
-- need libpcap in /
-- although the framework checks the file for consistency, returning EINVAL
   for system failures is probably not good enough. For example if a module
   failed to autoload, it is probably an error and it should be reported
   differently?
-- npf algorithms like icmp, are loaded via modules. Perhaps it is better
   to have some config magic to autoload it instead of needing to run a
   module command.

ok npf and dependent modules should autoload automagically as they are used
ok have a way to register cloners? through a mapping file? consistently naming
   the cloner modules? if_cloner? Split if_npflog from the ext_log module and
   added autoloading for cloners.
ok normalise -> normalize (the official project language is US/English)
ok modules should move from /usr/lib to /lib
ok parse dynamic map rule properly inet4($ext_if) does not work
ok create npflog interface automatically
ok need to bring interface npflog up
ok parse 'port "ftp-data"' properly
ok fix usage
ok get better messages from the kernel when things fail: Ok with
   DEBUG/DIAGNOSTIC, you get the file/line in the kernel that failed 
   which is good enough.
ok 'ifconfig npflog0 destroy; modunload if_npflog'. Remove dependency
   on npf_ext_log module, since if_npflog can load and unload independently.
my laundry list 2013-03-11 04:04:46 +04:00			`-- how to convert other packet filters to npf`
			`-- have a way to use npflog to log packets to syslog`
			`-- have a way to match dropped packets to rules`
			`-- have a way to list the active nat sessions`
explain further. 2013-03-11 06:02:28 +04:00			`-- npfctl start does not load the configuration if not loaded.`
			`It is not clear you need to reload first. Or if it loads it should`
			`print the error messages. Or it should be called enable/disable since`
			`this is what it does. It does not "start" because like an engine with`
			`no fuel, an npf with no configuration does not do much.`
my laundry list 2013-03-11 04:04:46 +04:00			`-- able to specify interfaces before they are created`
			`-- docs/examples out of date`
			`-- npf starts up too late (after traffic can go through)`
			`-- need libpcap in /`
explain further. 2013-03-11 06:02:28 +04:00			`-- although the framework checks the file for consistency, returning EINVAL`
			`for system failures is probably not good enough. For example if a module`
			`failed to autoload, it is probably an error and it should be reported`
			`differently?`
add another 2013-03-13 06:36:51 +04:00			`-- npf algorithms like icmp, are loaded via modules. Perhaps it is better`
			`to have some config magic to autoload it instead of needing to run a`
			`module command.`
my laundry list 2013-03-11 04:04:46 +04:00
			`ok npf and dependent modules should autoload automagically as they are used`
			`ok have a way to register cloners? through a mapping file? consistently naming`
			`the cloner modules? if_cloner? Split if_npflog from the ext_log module and`
			`added autoloading for cloners.`
			`ok normalise -> normalize (the official project language is US/English)`
			`ok modules should move from /usr/lib to /lib`
			`ok parse dynamic map rule properly inet4($ext_if) does not work`
			`ok create npflog interface automatically`
			`ok need to bring interface npflog up`
handle port "ftp-data" 2013-03-11 04:09:07 +04:00			`ok parse 'port "ftp-data"' properly`
fix usage 2013-03-11 04:16:59 +04:00			`ok fix usage`
explain further. 2013-03-11 06:02:28 +04:00			`ok get better messages from the kernel when things fail: Ok with`
			`DEBUG/DIAGNOSTIC, you get the file/line in the kernel that failed`
			`which is good enough.`
one more fixed 2013-03-11 20:38:31 +04:00			`ok 'ifconfig npflog0 destroy; modunload if_npflog'. Remove dependency`
			`on npf_ext_log module, since if_npflog can load and unload independently.`