Subject: Re: pf for NetBSD
To: Herb Peyerl <hpeyerl@beer.org>
From: None <itojun@iijlab.net>
List: tech-kern
Date: 11/08/2002 11:18:45
>Joel Wilsson <joelw@unix.se> wrote:
> > I simply wouldn't be able to do a fair comparison. Someone who has a lot of
> > experience with both ipf and pf should do that, and I'm sad to say I do not.
>Someone should just sufficiently bribe thorpej into finishing 'zpf' and
>thus saving the whole world.
from IPv6 support point of view, PF is much better than IPFilter.
IPFilter passes around pointer to the head of the packet, without
passing around length, therefore is more vulnerable to programming
mistakes (it might have been okay when IPFilter was IPv4-only, but
with IPv6 you have different header length for each packet).
PF always passes around struct mbuf *, therefore length is always
passed around. also, with PF internal structures are protocol-
independent (well, only for IPv4/v6) so it is easier to provide
the same set of functionalities to IPv4 and IPv6.
itojun
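
The length-passing point above, as an added example that is not part of the original message and is not PF or IPFilter code: an IPv6 extension header walk in which every read is checked against the packet length. struct pktbuf (a simplified stand-in for struct mbuf *), the function names and the sample packet are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical length-carrying packet handle; a stand-in for struct mbuf *. */
struct pktbuf { const uint8_t *data; size_t len; };
enum { IP6_HDRLEN = 40, NH_HOPOPTS = 0, NH_TCP = 6, NH_ROUTING = 43, NH_DSTOPTS = 60 };

/* Copy n bytes at offset off only if they lie entirely inside the packet. */
static int pkt_copy(const struct pktbuf *p, size_t off, void *dst, size_t n)
{
    if (off > p->len || n > p->len - off)
        return -1;
    memcpy(dst, p->data + off, n);
    return 0;
}

/* Walk the extension header chain. Returns the upper-layer header offset and
 * stores its protocol in *proto, or -1 for a truncated or non-IPv6 packet. */
long ip6_upper_offset(const struct pktbuf *p, uint8_t *proto)
{
    uint8_t fixed[IP6_HDRLEN], ext[2], nh;
    size_t off = IP6_HDRLEN, extlen;
    if (pkt_copy(p, 0, fixed, sizeof fixed) != 0 || (fixed[0] >> 4) != 6)
        return -1;
    nh = fixed[6];                          /* Next Header of the fixed header */
    while (nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_DSTOPTS) {
        if (pkt_copy(p, off, ext, sizeof ext) != 0)
            return -1;                      /* extension header cut short */
        extlen = ((size_t)ext[1] + 1) * 8;  /* Hdr Ext Len: 8-octet units past the first */
        if (extlen > p->len - off)
            return -1;                      /* claimed length runs past the packet */
        nh = ext[0];
        off += extlen;
    }
    *proto = nh;
    return (long)off;
}

/* Constructed sample: fixed header, 8-byte hop-by-hop, 16-byte destination
 * options, then 20 bytes of TCP; caplen is how much of it was received. */
long sample_upper_offset(size_t caplen)
{
    uint8_t pkt[84] = {0}, proto = 0;
    struct pktbuf p = { pkt, caplen < sizeof pkt ? caplen : sizeof pkt };
    pkt[0] = 0x60; pkt[6] = NH_HOPOPTS;     /* version 6, first extension header */
    pkt[40] = NH_DSTOPTS; pkt[41] = 0; pkt[48] = NH_TCP; pkt[49] = 1;
    return ip6_upper_offset(&p, &proto);
}

int main(void) { return sample_upper_offset(84) == 64 ? 0 : 1; }
```

With only a bare pointer to the packet head, the two length checks in the loop could not be written at all, which is the class of mistake the message describes.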