Subject: Re: ipfilter 3.4beta - ipv6 filtering.
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: tech-net
Date: 02/20/2000 00:31:54
On Sun, 20 Feb 100 19:08:01 +1100 (EST) 
 Darren Reed <darrenr@reed.wattle.id.au> wrote:

 > > ....begs the question of why you didn't use sockaddrs from the start,
 > > but I'm not sure I want to know the answer to that question.
 > 
 > Let's see, do I compare 16 odd bytes with another 20 odd bytes and compare
 > them with another 16 odd bytes to see if 4 out of each 16 match up for a
 > particular rule ?  It was originally developed *for* IPv4 and IPv4 only.

You are so totally missing the point it's almost absurd :-)

When you set the rules (which doesn't happen very often), you have in
the ioctl a "struct sockaddr *addr" and a "size_t addrlen" (like, say,
the bind(2) system call does).  You copy in that sockaddr separately.
You then convert the data in that sockaddr into the internal representation
you wish to use.

This gives you:

	- flexibility (when new IP versions come along, for example).  Why
	  do you care about this?  Well, even though you claim that IP Filter
	  was originally for IPv4 only, you obviously saw some value in
	  adding IPv6 support, so why not take the opportunity to fix
	  a simple bogon in the ioctl interface to make it easier to add
	  support for some other address family which you might find useful
	  to use in the future?

	- performance -- you're still using your regular internal
	  representation on the inside, *not sockaddrs*.

This isn't a difficult concept.  Programmers have been doing this for
hundreds of thousands of years.

        -- Jason R. Thorpe <thorpej@nas.nasa.gov>
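
The approach described in the message above, as an added example that is not part of the original mail or of IP Filter's code: a sockaddr and its length are validated once at rule-set time and converted to an internal form, and only that form is compared on the hot path. The names struct rule_addr, rule_addr_from_sockaddr and rule_addr_equal are hypothetical, and the copy-in from user space is assumed to have already happened.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical internal form used by the matcher; not a sockaddr. */
struct rule_addr {
    sa_family_t family;   /* AF_INET or AF_INET6 */
    uint32_t    w[4];     /* network byte order; IPv4 fills w[0] only */
};

/* Convert a sockaddr already copied in from the caller. Returns 0 or errno. */
int rule_addr_from_sockaddr(const struct sockaddr *sa, size_t addrlen,
                            struct rule_addr *out)
{
    /* Too short to contain the family field: reject before reading it. */
    if (sa == NULL || out == NULL || addrlen < offsetof(struct sockaddr, sa_data))
        return EINVAL;
    memset(out, 0, sizeof(*out));
    switch (sa->sa_family) {
    case AF_INET: {
        struct sockaddr_in sin;
        if (addrlen < sizeof(sin))
            return EINVAL;
        memcpy(&sin, sa, sizeof(sin));   /* avoids alignment/aliasing issues */
        out->family = AF_INET;
        out->w[0] = sin.sin_addr.s_addr;
        return 0;
    }
    case AF_INET6: {
        struct sockaddr_in6 sin6;
        if (addrlen < sizeof(sin6))      /* family says v6, length must agree */
            return EINVAL;
        memcpy(&sin6, sa, sizeof(sin6));
        out->family = AF_INET6;
        memcpy(out->w, &sin6.sin6_addr, sizeof(out->w));
        return 0;
    }
    default:
        return EAFNOSUPPORT;   /* a new family is added as one more case */
    }
}

/* Hot path: compares internal words only, never a sockaddr. */
int rule_addr_equal(const struct rule_addr *a, const struct rule_addr *b)
{
    return a->family == b->family && memcmp(a->w, b->w, sizeof(a->w)) == 0;
}
```

The length check per family is the part that matters for safety: a caller that sets the family to AF_INET6 but passes an IPv4-sized buffer is rejected before any bytes past the buffer are read.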