Subject: Re: faith(4) thoughts
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: None <itojun@iijlab.net>
List: tech-net
Date: 07/20/2002 08:30:06
>> err, i don't like tweaking pcb layer for "any port" bind(2) support,
>Is this because you don't think "any port" semantics should be
>available, or because you think this is the wrong place to implement
>them?  If the latter, where would you prefer?  I can't see any way to
>implement "any port" semantics without affecting the code that matches
>incoming packets to listening sockets, almost by definition.

	i don't want "any port" semantics to be available on pcb.

>This is one reason I'd like to see address/mask bindings, because it
>would avoid most of the need for faith.  (You'd still need _some_ way
>to say "any address matching this <addr,mask> pair is mine", rather
>than the way most interfaces match just one address.  Perhaps each ifa
>should have a mask associated with it?  If done right, it could also
>help hosting farms that give each customer host its own address.)

	i guess NAT-PT (per-packet translation) is what you want.  however,
	it has pros and cons:
	- faith:
		pros: simple to implement, no packet fragmentation issues
			(since it is in L4)
		cons: per-port
	- NAT-PT
		pros: any port
		cons: fragmentation issue (since it is in L3), complex state
			management
	i guess it has to be part of ipfilter.  as ipfilter is not very
	version-independent, my todo list has "NAT-PT on openbsd PF",
	but not for ipfilter.

itojun
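The faith side of the comparison above, in miniature: an L4 relay that terminates the IPv6 TCP connection, derives the IPv4 target from the low 32 bits of the destination address inside a /96 prefix (the faith addressing scheme), opens a fresh IPv4 connection and shuttles bytes. Because each TCP connection is owned end to end by a stack, MSS/segmentation is handled there and the relay never sees fragments, which is the "no fragmentation issues" point; the price is that the relay serves exactly the port it binds, which is the "per-port" point. This is an added example, not code from itojun, faith(4) or faithd(8). The 2001:db8:ffff::/96 prefix is a constructed documentation value, and the loopback echo server plus the AF_UNIX socketpair standing in for the IPv6 client are test scaffolding so it runs without an IPv6 loopback.

```python
import ipaddress
import socket
import threading

# Constructed faith prefix (documentation range); a real deployment picks its own /96.
FAITH_PREFIX = ipaddress.IPv6Network("2001:db8:ffff::/96")


def v4_from_faith_dst(dst):
    """Embedded IPv4 address of a faith destination: the low 32 bits of the v6 address."""
    a = ipaddress.IPv6Address(dst)
    if a not in FAITH_PREFIX:
        raise ValueError("%s is not inside the faith prefix %s" % (a, FAITH_PREFIX))
    return ipaddress.IPv4Address(int(a) & 0xFFFFFFFF)


def faith_dst_for(v4):
    """Inverse mapping: the v6 address a client would connect to in order to reach v4."""
    return ipaddress.IPv6Address(int(FAITH_PREFIX.network_address) | int(ipaddress.IPv4Address(v4)))


def pump(src, dst):
    """Copy payload bytes one way until EOF, then half-close the other connection."""
    while True:
        data = src.recv(4096)
        if not data:
            break
        dst.sendall(data)
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def relay(client, v4addr, port):
    """faith-style relay for one accepted connection.

    The relay owns two independent TCP connections, so IP fragmentation and
    MSS negotiation are each stack's own business (the L4 "pro" above).  A
    real relay daemon binds one listening port and therefore only ever serves
    that one service (the "per-port" con)."""
    upstream = socket.create_connection((str(v4addr), port))
    back = threading.Thread(target=pump, args=(upstream, client))
    back.start()
    pump(client, upstream)
    back.join()
    upstream.close()
    client.close()


def demo_roundtrip(payload=b"hello via faith"):
    """Constructed end-to-end check: client -> relay -> IPv4 echo server -> back."""
    # Throwaway IPv4 "target": an echo server on loopback (test scaffolding).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def echo_once():
        conn, _ = srv.accept()
        with conn:
            while True:
                d = conn.recv(4096)
                if not d:
                    break
                conn.sendall(d)
        srv.close()

    threading.Thread(target=echo_once).start()

    # The IPv6 client side is stood in for by a socketpair so this runs without ::1.
    client_side, relay_side = socket.socketpair()
    # What the v6 client would have connected to, and what the relay derives from it.
    v6dst = faith_dst_for("127.0.0.1")
    target = v4_from_faith_dst(v6dst)
    worker = threading.Thread(target=relay, args=(relay_side, target, port))
    worker.start()

    client_side.sendall(payload)
    client_side.shutdown(socket.SHUT_WR)
    got = b""
    while True:
        d = client_side.recv(4096)
        if not d:
            break
        got += d
    client_side.close()
    worker.join()
    return got


if __name__ == "__main__":
    print(faith_dst_for("192.0.2.1"), "->", v4_from_faith_dst("2001:db8:ffff::c000:201"))
    print(demo_roundtrip())
```

The relay deliberately never touches packet headers: it has no per-packet state to keep, only the two sockets, which is why the faith approach is cheap to implement and why a NAT-PT that rewrites at L3 instead has to track flows and reassemble or re-fragment on its own.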