tech-net archive


Thought on IPv6 support for NPF.



 Hello, all.

 I am going to apply for this project and I would like to discuss it
with the community.

 "Add support for IPv6 filtering criteria (userland + kernel)."

    This will be the part where the most options for filtering will be
    enabled for end users. The problem here is to implement the IPv6
    addressing scheme, as it is more complex than IPv4's. It will be
    basically the same, just applying the "math" for the newer version
    of the IP protocol.

 "Adjust components where needed and make sure that stateful filtering
works with IPv6 (kernel)."

    This will be the most interesting part, I guess. Escaping malicious
    packets, and defense against the known attacks. I think that this
    can be done using the IPv6 reassembly code in the network stack;
    this will help to examine the packet in depth. Also, this should be
    highly optimized, because this feature will slow down the traffic
    the most.

 "Handle IPv6 addresses in the NPF tables - a container for a fast
lookup (userland + kernel)."

    I think that /src/sys/net/npf/npf_tableset.c can be modified and
    used for this hash table; a separate table for IPv6 only will be
    good.

 "IPv6 reassembly support, re-using NetBSD's network stack code (kernel)."

    This is the code that does the reassembly:
    /src/sys/netinet6/ip6_input.c, so by following it and using it,
    reassembly can be built into NPF.

 This is how I understand the project. I've gone through most of the
 code and the documentation. I am asking the community for ideas and
 suggestions, and what problems I might have with this project. Also,
 if you have hints and recommendations.

 Regards, Stanislav.
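
The address "math" mentioned above for IPv6 filtering criteria and table lookups comes down to comparing a 128-bit address against a prefix of arbitrary bit length. The following C sketch is an added example, not part of the original post and not NPF code; the function names in6_prefix_match and in6_prefix_match_str are hypothetical, and the addresses are constructed samples.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if addr lies inside net/plen, 0 if not, -1 on a bad prefix
 * length. IPv4 needs one 32-bit mask; here the prefix is split into
 * whole bytes plus the leftover high bits of the following byte. */
int in6_prefix_match(const struct in6_addr *addr, const struct in6_addr *net,
                     unsigned plen)
{
    if (plen > 128)
        return -1;
    unsigned full = plen / 8;   /* whole bytes covered by the prefix */
    unsigned rem = plen % 8;    /* remaining bits in the next byte */

    if (memcmp(addr->s6_addr, net->s6_addr, full) != 0)
        return 0;
    if (rem != 0) {
        /* Keep only the top 'rem' bits of the partially covered byte. */
        uint8_t mask = (uint8_t)(0xff << (8 - rem));
        if ((addr->s6_addr[full] ^ net->s6_addr[full]) & mask)
            return 0;
    }
    return 1;
}

/* Text front end: parse both addresses, then match. -1 on parse failure,
 * so malformed rule input is rejected instead of silently matching. */
int in6_prefix_match_str(const char *addr, const char *net, unsigned plen)
{
    struct in6_addr a, n;
    if (inet_pton(AF_INET6, addr, &a) != 1 || inet_pton(AF_INET6, net, &n) != 1)
        return -1;
    return in6_prefix_match(&a, &n, plen);
}

int main(void)
{
    /* Constructed samples from the 2001:db8::/32 documentation range. */
    printf("%d\n", in6_prefix_match_str("2001:db8:abcd::1", "2001:db8::", 32));
    printf("%d\n", in6_prefix_match_str("2001:db8:8000::1", "2001:db8::", 33));
    printf("%d\n", in6_prefix_match_str("2001:db8:7fff::1", "2001:db8::", 33));
    return 0;
}
```

The /33 cases exercise the non-byte-aligned path, which is where an off-by-one in the mask would let an address outside the rule match.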

