diff options
authorHarald Welte <>2001-01-24 01:15:16 +0000
committerHarald Welte <>2001-01-24 01:15:16 +0000
commitaf4ec45619a9519709c576b65492c27d413d26f0 (patch)
parente0072945b57dc499327567640648050563b19a5e (diff)
new, more detailed TODO list
1 files changed, 44 insertions, 11 deletions
diff --git a/TODO b/TODO
index 4ca56c8a..f0e88f13 100644
--- a/TODO
+++ b/TODO
@@ -1,11 +1,44 @@
- u32 classifier
- ICQ module
- -C utility.
- Static (dumb) NAT.
- Hard lockup with ip_queue under heavy load.
- ftp tcp window tracking failure (ftp nat must update window info).
- mangle should have hooks everywhere
- Make patch-o-matic more generic (any subdir), and reversible.
+TODO List for netfilter / iptables.
+Currently maintained by Harald Welte <>
+Please inform me, if you want to work on any of the TODO items, so I
+can update this list and thus prevent two people doing the same work.
+CVS ID: $Id$
+IMPORTANT before iptables-1.2.1 release:
+- generic tcp sequence number offset support for nat helpers [HW]
+- prerelease make target (for applying certain p-o-m stuff)
+- header files in seperate directory, build all extensions, even
+ when current kernel not patched
+- restore counters for individual rules (iptables / iptables-restore) [HW]
+- add libipulog / libiptc to DEVEL target
+INDEPENDENT from iptables-1.2.1 release:
+- netlink interface for conntrack manipulation from userspace [HW]
+- unified nfnetlink for queue,ulog,conntrack (and more?) (2.5 issue)
+- sysctl support for ftp-multi, irc-conntrack/nat, ftp-fxp
+- integrate HOPLIMIT for ipv6 in patch-o-matic [HW]
+- static 1:1 NAT (only ip address NAT in both directions)
+- u32 classifier (port from tc -> iptables)
+- pktlen match (not needed, when u32 available)
+- SMP locking for IRC buggy?
+- MARK match / target with boolean OR / AND (to use nfmark bitwise)
+- full tcp window tracking incompatibility with nat helpers [HW]
+- multiple related connections
+- documentation for libiptc
+- port conntrack to IPv6 (code reuse?)
+- port matches (owner, limit, multiport, owner) to IPv6
+- HOPLIMIT IPv6 target / match [HW]
+- multicast connection tracking
+- conntrack / nat failover [HW]
+- Hard lockup with ip_queue under heavy load
+- mangle table should use all five netfilter hooks
+- make patch-o-matic more generic (any subdir), and reversible
+[RR] Paul 'Rusty' Russel <>
+[MB] Marc Boucher <>
+[JM] James Morris <>
+[HW] Harald Welte <>