Subject: Re: ipfilter 3.4beta - ipv6 filtering.
To: None <>
From: Darren Reed <>
List: tech-net
Date: 02/19/2000 23:51:17
In some email I received from, sie wrote:
> >The way to do this would be the same as other tools, such as telnet, get
> >done - compile in the INET6 support from the start.  So long as all the
> >IPv6 headers were available, only the code which sets up the pfil hook
> >for IPv6 would need to be conditionally compiled for a kernel with or
> >without IPv6.  Basically, when compiled with IPv6 support, in6_addr is
> >used to store both IPv6 and IPv4 addresses and is used in structs passed
> >between userland and the kernel in place of in_addr (size differences).
> 	Please clarify: kernel API is the same for IPv4-only kernel
> 	and IPv4/v6 kernel?  or will they change the size?

The way I've developed the code is such that it is different so it can
run on non-IPv6 systems.  NetBSD 1.5 will be an IPv6 system, thus it
will be possible to compile it all as IPv4/IPv6 and only have the pfil
hook dependant on INET6, keeping the API the same.

> 	If the API is kept same regardless from "options INET6" it should
> 	be okay.  (always use 16bytes, or use sockaddr/sockaddr_storage
> 	- sockaddr comes with indication of address family so it is better
> 	than passing in{,6}_addr) 

The filter rules already have the 'version' in them, so ipfilter knows
what the 16 bytes are (v4/v6).