nftables frontend
-----------------
- Define lexical distinction between keywords, symbolic constants and
  identifiers
- Define syntax for changing data (connmark, meta etc.)
- payload syntax for matching on IP headers of IPIP/GRE tunnels etc.
- netlink monitor for CLI

Kernel
------
- netlink set API
- kernel set implementation selection
- TC hookup - use dummy classifier or hook "natively" ?
- kill mangle table, make rerouting a configurable table/chain property
- kill nat table? harder because of more special handling
- multi-family tables

- IPv6 ext header matching
- IP style options (IP/TCP/DCCP) matching
- IPsec policy matching
- hashlimit
- quota
- recent(?)
- TCPMSS target - generic packet editor?
- include NLM_F_ ... flags in notifications?
