diff options
2 files changed, 0 insertions, 96 deletions
deleted file mode 100644
index cdec36fa..00000000
+++ /dev/null
@@ -1,30 +0,0 @@
-save/restore problem of owner match
- - userspace
-u32 match
- - can wait
-XDMCP conntrack/nat
- - can wait
-nf_debug stuff
- - can wait
- - can wait
-UDP stream timeout (180s) doens't apply for first reply packet
- - fix by Martin Josefsson, needs review/testing
-SLOG target
- - no further work expected
- - needs to be integrated with recent nfnetlink/ctnetlink
-loop detection / nf_hipac (mail from dec 15
- - need time
-IPv6 REJECT target fix
- - important, it's a pity that it's still broken
-bi-directional ftp state tracking
- - do we want this?
-final ACK of a SYN - SYN/ACK - ACK tcp handshake establishes ASSURED
- - patch is on list, needs testing + comments from kadlec
-expectations allegedly don't work on sparc64
- - see <>
- - is this in bugzilla yet?
-new bytelimit match
- - unify it with 'limit' for 2.5.x
-boolean MARK operations
- - patch by Anders Fugmann, needs 64bit testing
diff --git a/TODO b/TODO
deleted file mode 100644
index 331f1678..00000000
--- a/TODO
+++ /dev/null
@@ -1,66 +0,0 @@
-TODO List for netfilter / iptables.
-Currently maintained by Harald Welte <>
-Please inform me, if you want to work on any of the TODO items, so I
-can update this list and thus prevent two people doing the same work.
-CVS ID: $Id: TODO,v 1.71 2003/11/06 23:20:00 laforge Exp $
-IMPORTANT issues:
-- erroneously too-fast dropped conntrack for half-open TCP connections [JK]
-- --mac-source not working in FORWARD (manpage bug?) [BZ]
-- locally bound udp port can still be used for MASQ/SNAT [BZ]
-- unaligned access of nulldevname during string match [BZ]
-- unaligned access in interface match (ip_tables core)
-- update documentation to reflect newnat
-- release iptables-1.3.0-test (with new libiptc for speedup)
-- ipv6 ldp (igmp) and ndisc bypasses LOCAL_OUT hook
-- packet counters on sparc64 platform [BZ]
-- conntrack helper not called for first packet (udp!)
-- different behaviour for first packet towards an l2-unresolved ip?
-NICE to have:
-- sysctl support for ftp-multi, irc-conntrack/nat, ftp-fxp [BZ]
-- port conntrack to IPv6 (code reuse?)
-- ip_nat_ident module [BZ]
-- make iptables / ip6tables use the same codebase (as libiptc) [KA]
-- libipq reentrancy [JM]
-- compiling without O2 issue [BZ]
-- libipq runtime version, do before 1.2.5 [JM]
-- l3 independent ip_queue / ULOG (2.6)
-- add support for IRC tracking in opposite direction
-- Find mirrors for domains
-- example section on homepage
-- searchable mailinglist archives
-- faq-o-matic system
-FUTURE extensions:
-- dealing with fragmented expectation-causes (i.e. DCC chat split
- over two packets, etc.)
-- conntrack / nat failover [HW]
-- unified nfnetlink for queue,ulog,conntrack (and more?) (2.5 issue)
-Userspace queuing for 2.5:
-- Integration with nfnetlink.
-- Multiple queues per protocol.
-- Netlink broadcast support.
-- Allow multiple reader/writers in userspace.
-- How to handle multiple protocols (e.g. use separate queue handlers
- or a multiplexer like ipqmpd).
-- Peformance improvements: multipart messages, mmaped socket (possibly).
-- Simplify queuing logic, which is quite ugly at the moment. (BC suggested
- removing logic from kernel).
-- Allow userspace to set nfmark.
-- Allow userspace to set queue length etc.
-- Possibly pass conntrack/NAT info to userspace with packet.
-[BC] Brad Chapman <>
-[HW] Harald Welte <>
-[JK] Jozsef Kadlecsik <>
-[JM] James Morris <>
-[KA] Kiz-Szabo Andras <>
-[RR] Paul 'Rusty' Russel <>
-[BZ] Included in Bugzilla System