NetBSD-Users archive


npfctl - questions and a bug report



Hi,

1)
I just noticed a bug in "npfctl show" output. In the case of a rule with port numbers expressed using a variable (list), only the first of the listed ports is displayed. Using the example from the npf.conf(5) man page (only the significant parts):

$services_tcp = { http, https, smtp, domain, 6000, 9022 }
pass stateful in final proto tcp to $ext_if port $services_tcp

With "npfctl show", this rule will be listed only with the port number 80.

2)
I was trying to use variables in a definition of a variable:
$ext_ipv4_0 = 10.0.0.200
$ext_ipv4_1 = 10.0.0.201
$ext_ipv4 = { $ext_ipv4_0, $ext_ipv4_1 }
pass stateful in final family inet proto tcp to $ext_ipv4 port ssh

This is not possible, I get:
variable 'ext_ipv4' is of type 'variable-id' not 'family-address-mask'

Is this a feature or a bug?

3)
Now tables are identified only as numbers; strings are converted to the number 0. Are there plans to support strings (probably with the same naming rules as for the names of variables) as names of tables?

4)
With IPF, I use the "-h" option of the "ipfstat" command frequently (I usually do "ipfstat -hio"). It shows the number of times each rule scores a "hit". I can't find a corresponding feature in npfctl. Are there plans to add it?

Thanks,

r.

