Subject: Re: faith(4) thoughts
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 07/19/2002 18:18:42

> basically, faith(4) is used for tagging packets to be grabbed by
> IPV6_FAITH sockets.  if we can tag traffic by other means, we can
> grab this traffic.

Right - as far as it goes.

> my preference is to have some packet filter directive to mark
> traffic, and avoid tweaking pcb layer.

You'll still need to tweak the pcb stuff to handle the marked traffic,
even if you do the marking with ipf rather than faith.

> err, i don't like tweaking pcb layer for "any port" bind(2) support,

Is this because you don't think "any port" semantics should be
available, or because you think this is the wrong place to implement
them?  If the latter, where would you prefer?  I can't see any way to
implement "any port" semantics without affecting the code that matches
incoming packets to listening sockets, almost by definition.

This is one reason I'd like to see address/mask bindings, because it
would avoid most of the need for faith.  (You'd still need _some_ way
to say "any address matching this <addr,mask> pair is mine", rather
than the way most interfaces match just one address.  Perhaps each ifa
should have a mask associated with it?  If done right, it could also
help hosting farms that give each customer host its own address.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B