Subject: faith(4) thoughts
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 07/19/2002 18:55:11
I've been thinking about setting up a v6-to-v4 gateway, somewhat akin
to what faith(4)/faithd(8) provide.  However, I want it to be
port-independent.

This means (a) a way to bind a listening TCP socket without specifying
a port and (b) a way to bind a socket to just the /96 corresponding to
the mapped address space.  (Actually, (b) is unnecessary if I'm willing
to give up on all ordinary incoming v6 connections to the machine, but
I'm not.)

For (b), I was thinking of maybe having a FAITHONLY option.  Just as
packets that arrive via faith forwarding will match only sockets on
which FAITH has been set, setting FAITHONLY would do the converse: a
FAITHONLY socket would be ignored except for packets arriving via
faith.  (This would also mean hacking on the code that detects port
reuse, of course, since a FAITHONLY binding of a port wouldn't conflict
with a non-FAITH binding of that port.)  Of course, it would be even
better to give the API the ability to specify a prefixlen when
providing the address to bind a socket to, but that could be more work
than it's worth, and a fully wildcarded but FAITHONLY socket would do
for my application.

It looks as though (a) could also be dealt with through a socket option
(ANYPORT, perhaps?) that affects in6_pcblookup_bind.  It seems to me
that this one could be more generally useful and perhaps should affect
TCPv4 and maybe even UDPv[46] lookups as well (though for UDP there'd
have to be a way to get the sent-to address, akin to what getsockname
on the new socket does for TCP), which is why I don't just suggest
conflating it with FAITHONLY into something like a
FAITH_TENTACLES_EVERYWHERE_HACK socket option....
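
A small model of the lookup and port-reuse semantics sketched above, added here as an illustration; it is not code from the post or from NetBSD's in6_pcblookup_bind. The flag names F_FAITH, F_FAITHONLY and F_ANYPORT, the pcb struct and the sample socket table are all made up for the demo, and a FAITHONLY socket is assumed to have FAITH set as well.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flag bits for the post's proposed options (not NetBSD's
 * real ones); a FAITHONLY socket is assumed to have FAITH set as well. */
enum { F_FAITH = 1, F_FAITHONLY = 2, F_ANYPORT = 4 };
/* lport is a wildcard when F_ANYPORT is set; name is a demo label only. */
struct pcb { uint16_t lport; unsigned flags; const char *name; };

/* Receiver of a segment to local port dport: faith-forwarded traffic matches
 * only FAITH sockets, FAITHONLY sockets never match ordinary packets, and an
 * exact port match beats an ANYPORT wildcard. */
static const struct pcb *lookup(const struct pcb *tbl, size_t n,
                                uint16_t dport, bool via_faith)
{
    const struct pcb *best = NULL;
    for (size_t i = 0; i < n; i++) {
        const struct pcb *p = &tbl[i];
        if (via_faith && !(p->flags & F_FAITH)) continue;
        if (!via_faith && (p->flags & F_FAITHONLY)) continue;
        bool exact = (p->lport == dport);
        if (!exact && !(p->flags & F_ANYPORT)) continue;
        if (best == NULL || (exact && best->lport != dport)) best = p;
    }
    return best;
}

/* Port-reuse check: FAITHONLY vs. non-FAITH on the same port is no conflict. */
static bool bind_conflict(const struct pcb *a, const struct pcb *b)
{
    if (a->lport != b->lport) return false;
    if ((a->flags & F_FAITHONLY) && !(b->flags & F_FAITH)) return false;
    if ((b->flags & F_FAITHONLY) && !(a->flags & F_FAITH)) return false;
    return true;
}

/* Constructed table: an ordinary sshd and the port-independent gateway. */
static const struct pcb demo_tbl[] = {
    { 22, 0, "sshd" }, { 0, F_FAITH | F_FAITHONLY | F_ANYPORT, "gateway" } };

int main(void)
{
    static const struct { uint16_t port; bool faith; } q[] = {
        { 22, false }, { 8080, false }, { 22, true }, { 8080, true } };
    for (size_t i = 0; i < 4; i++) {
        const struct pcb *p = lookup(demo_tbl, 2, q[i].port, q[i].faith);
        printf("%s :%u -> %s\n", q[i].faith ? "faith" : "v6",
               (unsigned)q[i].port, p ? p->name : "none");
    }
    return 0;
}
```

The ordinary v6 connection to port 8080 lands on no socket at all, which is the property FAITHONLY is meant to buy: the wildcard gateway socket never captures non-faith traffic.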

Any thoughts on any of the above?

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B