* 1. Add dup and clone syscall monitoring.
* 2. Add readv and writev syscall monitoring.
* 3. Fix the segfaults that occur when the module is unloaded - this is probably due to something in the data-block code.
- 4. Make it more memory-efficient (there's a lot of copying).
5. Add a memory-manager to handle mallocs and frees - perhaps allocate a big chunk of RAM at the start, and then use only that.
6. Add code to handle lost events (we don't want to lose anything).
- 7. Scripts! Write a script to set up all the MySQL stuff on the back-end, including users. We should get the user to specify the name of the MySQL user.
- 8. Write a script to respawn the net_client if the connection is lost.
9. Try to reduce the incidence of the module-unloading race condition.
10. Make the data-stream more fault tolerant... Maybe introduce a "magic number" that, if the stream gets FUBARed, the reader can seek to, to get back in sync.
11. Get rid of cruft in net_auditd and audit.conf - stuff from SNARE that we don't use anymore (all the regexp stuff).
12. Figure out how to get this thing working with UML.
* 13. Get memory stuff fixed so that we can handle really big reads/writes... Right now, I think it bails if it tries to handle anything too big (what size?).
14. Change the NET_CLASS stuff so that it uses the new string format.
* 15. Figure out why long-running systems tend to deadlock.
     - I think it is because I allocate memory incrementally. Ideally, ALL memory needed for processing a syscall should be allocated at the *start* of the syscall, in one chunk. Otherwise, you get a situation where a process eats up just a bit of the resources at the same time as another process. They get to a point where both want more, and neither will relinquish.
16. Figure out how to "split" events into multiples, so that we can handle reads and writes that are larger than 128k.
* 17. Write a test program that will run "wget" n times and time how long it takes for the wget requests to be filled. Point it at the back-end and do some testing. Do this for auditing on, auditing off, and auditing with no network writes.
18. Implement monitoring for sendmsg, recvmsg, etc.
19. Implement canonicalization of filenames within the kernel (need to worry about chroot'ing and stuff), and add that to the stuff that gets logged.
20. Modify the kernel so that it can generate events when a process is destroyed. This is going to get messy.
21. Modify the update_proc_life procedure so that it can figure out what OTHER processes are in the same group as the current process... That way, if we get a "kill (0, sig)" event, we will know that all the other processes in the group got killed, too. See man 2 kill for details.
22. Add close: both to syscall monitoring AND to the list_dups program.
- 23. Add count table, and add count field to event table.
- 24. Rewrite did_proc_write.sh so that it doesn't suck.
- 25. Write some post-processing scripts: We want one which will update the "ppid" field for each process so that it is CORRECT - currently, for some reason, there are errors (check to see if this is your error or a kernel issue). However, I think that, at time of FORK, it's always right. So we can go through, figure out the pid that forked to create the child, and update the child's ppid value with that pid, for every event.
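Sketch for item 10, added here as an illustration and not code from net_auditd or net_client: a self-delimiting record framing (magic number, length, CRC-32 over length and payload) plus a reader that, once it loses its place, slides forward one byte at a time until the next record that passes all three checks. The magic value, the record layout and the three payload strings are assumptions made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical framing (not the project's real stream format):
 *   u32 magic | u16 len | len bytes of payload | u32 crc32(len + payload)
 * All integers little-endian. A corrupted record costs at most that record. */
#define REC_MAGIC    0xA17D5EEDu   /* arbitrary value chosen for this example */
#define REC_MIN      10u           /* 4 magic + 2 len + 0 payload + 4 crc */
#define MAX_PAYLOAD  1024u         /* sanity bound on the length field */

/* CRC-32 (IEEE, reflected polynomial 0xEDB88320), bitwise, no table. */
uint32_t crc32_update(uint32_t crc, const uint8_t *p, size_t n)
{
    crc = ~crc;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static void put_le16(uint8_t *d, uint16_t v) { d[0] = (uint8_t)v; d[1] = (uint8_t)(v >> 8); }
static void put_le32(uint8_t *d, uint32_t v) { put_le16(d, (uint16_t)v); put_le16(d + 2, (uint16_t)(v >> 16)); }
static uint16_t get_le16(const uint8_t *s) { return (uint16_t)(s[0] | (s[1] << 8)); }
static uint32_t get_le32(const uint8_t *s) { return (uint32_t)get_le16(s) | ((uint32_t)get_le16(s + 2) << 16); }

/* Append one record to buf; returns bytes written, or 0 if it does not fit. */
size_t rec_write(uint8_t *buf, size_t cap, const uint8_t *payload, uint16_t len)
{
    size_t need = REC_MIN + len;
    if (len > MAX_PAYLOAD || need > cap)
        return 0;
    put_le32(buf, REC_MAGIC);
    put_le16(buf + 4, len);
    memcpy(buf + 6, payload, len);
    put_le32(buf + 6 + len, crc32_update(0, buf + 4, 2u + len));  /* covers len + payload */
    return need;
}

struct rec_reader {
    const uint8_t *buf;
    size_t len, pos;
    unsigned resyncs;   /* runs of junk skipped while hunting for a magic */
    unsigned bad_crc;   /* magic matched but the CRC did not */
};

/* Yield the next valid record: 1 with *out/*outlen set, 0 at end of stream.
 * Anything that is not a complete, CRC-valid record is skipped a byte at a
 * time; a false magic hit inside a payload is rejected by the length bound
 * or the CRC, so the reader cannot lock on to garbage. */
int rec_next(struct rec_reader *r, const uint8_t **out, uint16_t *outlen)
{
    int skipping = 0;
    while (r->pos + REC_MIN <= r->len) {
        const uint8_t *p = r->buf + r->pos;
        uint16_t len = get_le16(p + 4);
        int ok = get_le32(p) == REC_MAGIC && len <= MAX_PAYLOAD
              && r->pos + REC_MIN + len <= r->len;
        if (ok && crc32_update(0, p + 4, 2u + len) != get_le32(p + 6 + len)) {
            r->bad_crc++;
            ok = 0;
        }
        if (!ok) {
            if (!skipping) { skipping = 1; r->resyncs++; }
            r->pos++;
            continue;
        }
        *out = p + 6;
        *outlen = len;
        r->pos += REC_MIN + len;
        return 1;
    }
    return 0;
}

/* Constructed demo: three records, the second smashed in place. Returns how
 * many records the reader still recovers (2) and, via *resyncs, how many
 * times it had to hunt for the next magic (1). */
int demo_recover(unsigned *resyncs)
{
    static const char *msgs[] = { "open /etc/passwd", "write fd=3 len=4096", "close fd=3" };
    uint8_t stream[256];
    size_t n = 0, second = 0;
    for (int i = 0; i < 3; i++) {
        if (i == 1) second = n;
        n += rec_write(stream + n, sizeof stream - n,
                       (const uint8_t *)msgs[i], (uint16_t)strlen(msgs[i]));
    }
    stream[second + 1] ^= 0xFF;   /* corrupt a magic byte of record 2 ... */
    stream[second + 8] ^= 0x55;   /* ... and one of its payload bytes */

    struct rec_reader r = { stream, n, 0, 0, 0 };
    const uint8_t *payload; uint16_t plen;
    int got = 0;
    while (rec_next(&r, &payload, &plen))
        got++;
    if (resyncs) *resyncs = r.resyncs;
    return got;
}

unsigned demo_resyncs(void) { unsigned rs = 0; demo_recover(&rs); return rs; }
```

A magic number on its own is not enough, because a read/write payload can contain any byte sequence including the magic; the length bound and the CRC are what stop a false hit from swallowing the following real records. The resyncs and bad_crc counters are worth keeping in the real reader too: they turn a silently lost record into a number that can be logged, which is what item 6 is asking for.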
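Sketch for item 25, added as an illustration and not one of the project's post-processing scripts: the ppid fix-up done as one ordered pass over the events, using each fork's return value as the child pid. The event struct, the syscall names treated as forks and the six sample rows are assumptions for this example; a real script would pull the rows from the MySQL event table instead.

```c
#include <stddef.h>
#include <string.h>

/* One audited syscall as the post-processor would see it (hypothetical
 * shape, not the real event table). For fork/vfork/clone, ret is the
 * child pid as returned in the parent. */
struct event {
    int pid;
    int ppid;            /* as recorded; may be wrong */
    const char *syscall;
    long ret;
};

#define PID_LIMIT 32768  /* classic pid_max; parent_of[] is indexed by pid */

static int is_fork(const char *sc)
{
    return strcmp(sc, "fork") == 0 || strcmp(sc, "vfork") == 0 || strcmp(sc, "clone") == 0;
}

/* Walk events in time order. Each fork that returned a child pid records
 * parent_of[child] = pid of the forking process, and every later event from
 * that child gets its ppid overwritten from the table. Doing it in one
 * ordered pass, rather than "find the fork, then update every row with that
 * pid", also copes with pid reuse: a later fork returning the same pid just
 * replaces the mapping before the new process's events arrive.
 * Returns the number of events whose ppid changed. */
int fix_ppids(struct event *ev, size_t n)
{
    static int parent_of[PID_LIMIT];
    for (size_t i = 0; i < PID_LIMIT; i++)
        parent_of[i] = -1;                     /* -1: no fork seen for this pid yet */

    int changed = 0;
    for (size_t i = 0; i < n; i++) {
        int pid = ev[i].pid;
        if (pid > 0 && pid < PID_LIMIT && parent_of[pid] >= 0 && ev[i].ppid != parent_of[pid]) {
            ev[i].ppid = parent_of[pid];
            changed++;
        }
        if (is_fork(ev[i].syscall) && ev[i].ret > 0 && ev[i].ret < PID_LIMIT)
            parent_of[ev[i].ret] = pid;        /* record child -> parent */
    }
    return changed;
}

/* Constructed sample: pid 100 forks 200, 200 forks 300, and every child row
 * arrived with the bogus ppid 1. Fills out[] with the corrected rows and
 * returns how many rows the pass changed (4). */
#define SAMPLE_N 6
int demo_fix(struct event out[SAMPLE_N])
{
    static const struct event sample[SAMPLE_N] = {
        { 100, 1, "fork",   200 },   /* parent; ppid 1 is right for it */
        { 200, 1, "execve",   0 },   /* becomes ppid 100 */
        { 200, 1, "open",     3 },   /* becomes ppid 100 */
        { 200, 1, "fork",   300 },   /* becomes ppid 100; records 300 -> 200 */
        { 300, 1, "write", 4096 },   /* becomes ppid 200 */
        { 100, 1, "wait4",  200 },   /* no mapping for 100; unchanged */
    };
    memcpy(out, sample, sizeof sample);
    return fix_ppids(out, SAMPLE_N);
}

int demo_changed_count(void)
{
    struct event rows[SAMPLE_N];
    return demo_fix(rows);
}

/* Corrected ppid of one sample row, or -1 for a bad index. */
int demo_ppid_of_row(size_t idx)
{
    struct event rows[SAMPLE_N];
    demo_fix(rows);
    return idx < SAMPLE_N ? rows[idx].ppid : -1;
}
```

Two things this depends on: the rows must be in the order the syscalls happened, and the fork event itself must not have been lost. If a fork is dropped (items 6 and 10), the child keeps whatever ppid was recorded, so the script should report how many rows it could not map rather than assume they were already right.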