Designing a library interface for ipfilter...

Darren.Reed at Sun.COM
Thu Mar 8 02:36:12 UTC 2007


A project I'm looking to do in my spare time at Sun is to
create a library that provides access to some of the
more useful ioctls supported by IPFilter.  The problem
with relying on ioctls is that if the data structures passed
through change then often everything needs to be
recompiled.

I currently have no plans to rewrite the IPFilter tools to use
this API, rather, the parts of the API that I'm designing now
are where 3rd party people have said "we'd like to do this
with our applications."  At some point it will be possible to
write the tools to use it, but that isn't the priority here.

For obvious reasons I won't be doing this work in FreeBSD
but there are some paths for someone else at FreeBSD to:
- import all of the code "as is" under src/dist/libnpf (CDDL'd)
- someone else from FreeBSD writes it all from scratch
- the front end gets written by someone else at FreeBSD
  but FreeBSD imports the ipfilter bits from opensolaris
  (CDDL allows this.)

The "someone else" from FreeBSD will get a spec of some
sort to code against.  If they were prepared to help write
and/or review the spec, even better.

Additionally, I'd like to hear if anyone would be willing to
at least do the backend work for both ipfw and pf on
FreeBSD.  I'll also be posting a similar email to the
NetBSD lists, asking for input/thoughts there too.

Darren


