A project I'm looking to do in my spare time at Sun is to
create a library that provides access to some of the
more useful ioctls supported by IPFilter.  The problem
with relying on ioctls is that if the data structures passed
through change then often everything needs to be
recompiled.

I currently have no plans to rewrite the IPFilter tools to use
this API, rather, the parts of the API that I'm designing now
are where 3rd party people have said "we'd like to dow this
with our applications."  At some point it will be possible to
write the tools to use it, but that isn't the priority here.

For obvious reasons I won't be doing this work in NetBSD
but there are some paths for someone else at NetBSD to:
- import all of the code "as is" under src/dist/libnpf (CDDL'd)
- someone else from NetBSD writes it all from scratch
- the front end gets written by someone else at NetBSD
  but NetBSD imports the ipfilter bits from opensolaris
  (CDDL allows this.)

The "someone else" from NetBSD will get a spec of some
sort to code against.  If they were prepared to help write
and/or review the spec, even better.

Additionally, I'd like to hear if anyone would be willing to
at least do the backend work for pf on NetBSD.  I'll also
be posting a similar email to the FreeBSD lists, asking for
input/thoughts there too.

Darren