Subject: Re: ipfilter 3.4beta - ipv6 filtering.
To: None <thorpej@nas.nasa.gov>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 02/20/2000 00:08:49
In some email I received from Jason Thorpe, sie wrote:
> 
> On Sun, 20 Feb 100 18:50:25 +1100 (EST) 
>  Darren Reed <darrenr@reed.wattle.id.au> wrote:
> 
>  > The way I've developed the code is such that it is different so it can
>  > run on non-IPv6 systems.  NetBSD 1.5 will be an IPv6 system, thus it
>  > will be possible to compile it all as IPv4/IPv6 and only have the pfil
>  > hook dependent on INET6, keeping the API the same.
> 
> That's nonsense.  It's possible to build the NetBSD userland WITHOUT
> INET6, and doing so does NOT break any ABI compatibility with the kernel.
> 
>  > > 	If the API is kept the same regardless of "options INET6" it should
>  > > 	be okay.  (always use 16bytes, or use sockaddr/sockaddr_storage
>  > > 	- sockaddr comes with indication of address family so it is better
>  > > 	than passing in{,6}_addr) 
>  > 
>  > The filter rules already have the 'version' in them, so ipfilter knows
>  > what the 16 bytes are (v4/v6).
> 
> ....begs the question of why you didn't use sockaddrs from the start,
> but I'm not sure I want to know the answer to that question.

Let's see, do I compare 16 odd bytes with another 20 odd bytes and compare
them with another 16 odd bytes to see if 4 out of each 16 match up for a
particular rule?  It was originally developed *for* IPv4 and IPv4 only.

That and size limits on structures passed via ioctl.  It was originally
developed back when we didn't have more MHz than Megabucks and so is/was
as efficient as possible where possible.
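
The layout discussed in this message (a fixed 16-byte address slot whose meaning comes from a version field in the rule), as an added example that is not part of the original message and is not ipfilter's code. The names `addr16_t`, `struct rule`, `addr_parse`, `rule_match` and `match_text` are hypothetical, and the addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration; not ipfilter's real structures. */
typedef union { uint8_t b[16]; uint32_t w[4]; } addr16_t;
struct rule {
    int      version;    /* 4 or 6: says how to read the 16 bytes */
    addr16_t net, mask;  /* IPv4 uses b[0..3]; the rest stays zero */
};

/* Parse text into the fixed 16-byte slot; returns 1 on success. */
static int addr_parse(int version, const char *text, addr16_t *out)
{
    memset(out, 0, sizeof(*out));
    return inet_pton(version == 6 ? AF_INET6 : AF_INET, text, out->b) == 1;
}

/* Masked compare; the rule's version decides how many words matter. */
static int rule_match(const struct rule *r, int ver, const addr16_t *src)
{
    int i, words = (r->version == 6) ? 4 : 1;
    if (r->version != ver)          /* never compare across families */
        return 0;
    for (i = 0; i < words; i++)
        if ((src->w[i] & r->mask.w[i]) != r->net.w[i])
            return 0;
    return 1;
}

/* Wrapper for text input: 1 = match, 0 = no match, -1 = bad input. */
int match_text(int rver, const char *net, const char *mask,
               int pver, const char *pkt)
{
    struct rule r;
    addr16_t src;
    if ((rver != 4 && rver != 6) || (pver != 4 && pver != 6))
        return -1;
    r.version = rver;
    if (!addr_parse(rver, net, &r.net) || !addr_parse(rver, mask, &r.mask) ||
        !addr_parse(pver, pkt, &src))
        return -1;
    return rule_match(&r, pver, &src);
}

int main(void)
{   /* constructed input: an IPv6 source tested against an IPv4 rule */
    printf("%d\n", match_text(4, "10.0.0.0", "255.0.0.0", 6, "a00::1"));
    return 0;
}
```

Without the version check, the constructed IPv6 address `a00::1` would satisfy the IPv4 rule 10.0.0.0/8, because its first four bytes are 0a 00 00 00.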