If we leave out all the technical challenges involved, the real question
is if the pf developers find this idea useful at all?
A few points, in wrac: 1) I kind of like libraries, but they are difficult to get right, and probably more difficult is to have people agree to use it.
2) Theo doesn't like libraries too much. 3) The current way file are shared between pfctl, authpf and tcpdump is kind of ugly IMHO. 4) I've never used authpf, but I wonder why authpf does not call the pfctl binary, to have the benefit of code reuse without that tricky sharing of files. Combining binaries is usually the Unix way, I believe. Cedric
