On Thu, Jul 18, 2002 at 07:34:53PM +1000, Rusty Russell wrote:
> Hi all,
> With four months to go before the feature freeze, it's
> important to compile a feature list for netfilter-related things. I
> see the following coming up:
> Connection tracking:
> o TCP window tracking finally goes in.
> o Fix the extremely low TCP RST timeout
> o Fix the UDP timeout calculations to be per-port.
> o Improve hashing
> o Fix the massive timer performance problem.
> o Zero-copy-safe the connection tracking framework
> o ctnetlink support
> o Change over to a netlink interface
> o Back to add/delete/replace interface + commit.
> o Rewrite libiptc to use netlink (to port iptables).
> o Write new ip extension for iptables.
> o Zero-copy-safe the iptables framework
> o Zero-copy-safe the NAT framework
> Please add feature requests: note that I have not been following the
> lists, so "obvious" things may not be obvious to me.
I think conntrack exemptions and transparent proxy support should be added
to the list. The latter is working for me in production at least for TCP
connections. UDP support is to be dependent on conntrack exemptions, so that
is not yet implemented. (at least the sendmsg side, the recvmsg side should
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1