In some email I received from itojun@iijlab.net, sie wrote:
> 
> 
> >A beta of the next IP Filter is now available, supporting filtering of
> >IPv6.  It will require a 1.4T or later kernel to work.  To install,
> >run "BSD/kupgrade" to update srcs under /sys and compile with INET6
> >uncommented in ipf3.4beta/Makefile.  At this stage, the user land
> >binaries need to be compiled depending on whether the kernel has
> >been built with "options INET6" or not.  There is no (planned) backward
> >binary compatibility, for the kernel, between this and earlier versions.
> 
> 	Is there any way to make the userland programs work on top of
> 	IPv4-only kernel and IPv4/v6 kernel?  Like "have IPv4/IPv6 support,
> 	will raise error if user specifies filter that is not supported by
> 	the kernel"?
> 
> 	NetBSD will ship compiled userland binaries.  It is pity to ask
> 	everyone to switch userland binaries when she switch the kernel.

The way to do this would be the same as other tools, such as telnet, get
done - compile in the INET6 support from the start.  So long as all the
IPv6 headers were available, only the code which sets up the pfil hook
for IPv6 would need to be conditionally compiled for a kernel with or
without IPv6.  Basically, when compiled with IPv6 support, in6_addr is
used to store both IPv6 and IPv4 addresses and is used in structs passed
between userland and the kernel in place of in_addr (size differences).

Darren