diff --git a/lib/libnpf/npf.3 b/lib/libnpf/npf.3 index e58c63a03b9b..90988e8c33df 100644 --- a/lib/libnpf/npf.3 +++ b/lib/libnpf/npf.3 @@ -1,4 +1,4 @@ -.\" $NetBSD: npf.3,v 1.5 2012/07/01 23:21:07 rmind Exp $ +.\" $NetBSD: npf.3,v 1.6 2012/12/23 21:01:05 rmind Exp $ .\" .\" Copyright (c) 2011-2012 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd July 1, 2012 +.Dd December 23, 2012 .Dt NPF 3 .Os .Sh NAME @@ -77,20 +77,14 @@ .Ft nl_table_t * .Fn npf_table_create "u_int id" "int type" .Ft int -.Fn npf_table_add_entry "nl_table_t *tl" "in_addr_t addr" "in_addr_t mask" +.Fn npf_table_add_entry "nl_table_t *tl" "int "af" \ +"in_addr_t addr" "in_addr_t mask" .Ft bool .Fn npf_table_exists_p "nl_config_t *ncf" "u_int tid" .Ft int .Fn npf_table_insert "nl_config_t *ncf" "nl_table_t *tl" .Ft void .Fn npf_table_destroy "nl_table_t *tl" -.\" --- -.Ft int -.Fn npf_update_rule "int fd" "const char *rname" "nl_rule_t *rl" -.Ft int -.Fn npf_sessions_send "int fd" "const char *fpath" -.Ft int -.Fn npf_sessions_recv "int fd" "const char *fpath" .\" ----- .Sh DESCRIPTION The @@ -261,13 +255,20 @@ Table is identified by which should be in the range between 1 and .Dv NPF_MAX_TABLE_ID . .El -.It Fn npf_table_add_entry "tl" "addr" "mask" -Add an entry of IPv4 address and mask, specified by +.It Fn npf_table_add_entry "tl" "af" "addr" "mask" +Add an entry of IP address and mask, specified by .Fa addr and .Fa mask , to the table specified by .Fa tl . +Family, specified by +.Fa fa , +must be either +.Dv AF_INET +for IPv4 or +.Dv AF_INET6 +for IPv6 address. .It Fn npf_table_exists_p "ncf" "name" Determine whether table with ID .Fa tid 
@@ -285,19 +286,6 @@ Routine performs a check for duplicate table ID. Destroy the specified table. .El .\" ----- -.Ss Session interface -.Bl -tag -width 4n -.It Fn npf_update_rule "fd" "rname" "rl" -.It Fn npf_sessions_send "fd" "fpath" -Read the file specified by -.Fa fpath , -and send sessions saved in it to the kernel. -.It Fn npf_sessions_recv "fd" "fpath" -Receive currently loaded session from the kernel, and save them to a file -specified by -.Fa fpath . -.El -.\" ----- .Sh SEE ALSO .Xr npfctl 8 , .Xr npf_ncode 9 diff --git a/lib/libnpf/npf.c b/lib/libnpf/npf.c index c560626ab7f6..28b4d1380d76 100644 --- a/lib/libnpf/npf.c +++ b/lib/libnpf/npf.c @@ -1,4 +1,4 @@ -/* $NetBSD: npf.c,v 1.14 2012/10/28 16:27:20 rmind Exp $ */ +/* $NetBSD: npf.c,v 1.15 2012/12/23 21:01:05 rmind Exp $ */ /*- * Copyright (c) 2010-2012 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.14 2012/10/28 16:27:20 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.15 2012/12/23 21:01:05 rmind Exp $"); #include #include @@ -121,14 +121,15 @@ npf_config_submit(nl_config_t *ncf, int fd) if (npf_dict == NULL) { return ENOMEM; } - if (ncf->ncf_debug) { - prop_dictionary_set(npf_dict, "debug", ncf->ncf_debug); - } + prop_dictionary_set_uint32(npf_dict, "version", NPF_VERSION); prop_dictionary_set(npf_dict, "rules", ncf->ncf_rules_list); prop_dictionary_set(npf_dict, "rprocs", ncf->ncf_rproc_list); prop_dictionary_set(npf_dict, "tables", ncf->ncf_table_list); prop_dictionary_set(npf_dict, "translation", ncf->ncf_nat_list); prop_dictionary_set_bool(npf_dict, "flush", ncf->ncf_flush); + if (ncf->ncf_debug) { + prop_dictionary_set(npf_dict, "debug", ncf->ncf_debug); + } if (plist) { if (!prop_dictionary_externalize_to_file(npf_dict, plist)) { 
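Review bot: The new `prop_dictionary_set_uint32(npf_dict, "version", NPF_VERSION);` in npf_config_submit ignores its boolean result, and because the kernel side of this commit rejects any dictionary whose "version" key is absent, a failed set would surface to the operator as EPROGMISMATCH instead of the real (allocation) cause. Worth checking it: `if (!prop_dictionary_set_uint32(npf_dict, "version", NPF_VERSION)) { /* release npf_dict */ return ENOMEM; }`. A short comment above the call, `/* Must equal the kernel's NPF_VERSION; mismatching dictionaries are rejected at load. */`, would also record why the version is stamped before anything else. The rest of npf_config_submit, including its handling of npf_dict after submission, lies outside the hunk.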
@@ -664,24 +665,36 @@ npf_table_create(u_int id, int type) } int -npf_table_add_entry(nl_table_t *tl, const int alen, - const npf_addr_t *addr, const npf_netmask_t mask) +npf_table_add_entry(nl_table_t *tl, int af, const npf_addr_t *addr, + const npf_netmask_t mask) { prop_dictionary_t tldict = tl->ntl_dict, entdict; prop_array_t tblents; prop_data_t addrdata; + unsigned alen; /* Create the table entry. */ entdict = prop_dictionary_create(); if (entdict == NULL) { return ENOMEM; } + + switch (af) { + case AF_INET: + alen = sizeof(struct in_addr); + break; + case AF_INET6: + alen = sizeof(struct in6_addr); + break; + default: + return EINVAL; + } + addrdata = prop_data_create_data(addr, alen); prop_dictionary_set(entdict, "addr", addrdata); prop_dictionary_set_uint8(entdict, "mask", mask); prop_object_release(addrdata); - /* Insert the entry. */ tblents = prop_dictionary_get(tldict, "entries"); prop_array_add(tblents, entdict); prop_object_release(entdict); diff --git a/lib/libnpf/npf.h b/lib/libnpf/npf.h index a3b1dc3d876a..8ac2dc80c5f4 100644 --- a/lib/libnpf/npf.h +++ b/lib/libnpf/npf.h @@ -1,4 +1,4 @@ -/* $NetBSD: npf.h,v 1.11 2012/09/16 13:47:42 rmind Exp $ */ +/* $NetBSD: npf.h,v 1.12 2012/12/23 21:01:05 rmind Exp $ */ /*- * Copyright (c) 2011-2012 The NetBSD Foundation, Inc. 
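Review bot: The `default: return EINVAL;` branch of the new `switch (af)` in npf_table_add_entry returns after `entdict = prop_dictionary_create()` has already succeeded, so the dictionary is leaked whenever an unsupported family is passed. Either move the whole switch above the `/* Create the table entry. */` block, or release first: `default:` / `prop_object_release(entdict);` / `return EINVAL;`. The only caller visible in this commit passes `fam.fam_family` from the parser, so the path is presumably rare, but this is a public library entry point and should clean up after itself. The function's tail, including its final return, is outside the hunk. Separately, the npf.3 hunk in this commit spells the same parameter `.Fa fa` and writes the prototype as `"int "af"`; both should read `af`.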
@@ -103,20 +103,20 @@ nl_nat_t * npf_nat_create(int, u_int, u_int, npf_addr_t *, int, in_port_t); int npf_nat_insert(nl_config_t *, nl_nat_t *, pri_t); nl_table_t * npf_table_create(u_int, int); -int npf_table_add_entry(nl_table_t *, const int, +int npf_table_add_entry(nl_table_t *, int, const npf_addr_t *, const npf_netmask_t); bool npf_table_exists_p(nl_config_t *, u_int); int npf_table_insert(nl_config_t *, nl_table_t *); void npf_table_destroy(nl_table_t *); -int npf_update_rule(int, const char *, nl_rule_t *); -int npf_sessions_send(int, const char *); -int npf_sessions_recv(int, const char *); - #ifdef _NPF_PRIVATE #include +int npf_update_rule(int, const char *, nl_rule_t *); +int npf_sessions_send(int, const char *); +int npf_sessions_recv(int, const char *); + void _npf_config_error(nl_config_t *, nl_error_t *); void _npf_config_setsubmit(nl_config_t *, const char *); int _npf_rule_foreach(nl_config_t *, nl_rule_callback_t); diff --git a/sys/net/npf/npf.h b/sys/net/npf/npf.h index 7db79522a204..69d967b5a8c1 100644 --- a/sys/net/npf/npf.h +++ b/sys/net/npf/npf.h @@ -1,4 +1,4 @@ -/* $NetBSD: npf.h,v 1.23 2012/12/10 01:11:13 rmind Exp $ */ +/* $NetBSD: npf.h,v 1.24 2012/12/23 21:01:03 rmind Exp $ */ /*- * Copyright (c) 2009-2012 The NetBSD Foundation, Inc. @@ -45,7 +45,7 @@ #include #include -#define NPF_VERSION 7 +#define NPF_VERSION 8 /* * Public declarations and definitions. diff --git a/sys/net/npf/npf_ctl.c b/sys/net/npf/npf_ctl.c index 4e72ea2e355f..78e09c9aa45d 100644 --- a/sys/net/npf/npf_ctl.c +++ b/sys/net/npf/npf_ctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: npf_ctl.c,v 1.19 2012/10/29 02:27:12 rmind Exp $ */ +/* $NetBSD: npf_ctl.c,v 1.20 2012/12/23 21:01:03 rmind Exp $ */ /*- * Copyright (c) 2009-2012 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.19 2012/10/29 02:27:12 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.20 2012/12/23 21:01:03 rmind Exp $"); #include #include 
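Review bot: Moving `npf_update_rule`, `npf_sessions_send` and `npf_sessions_recv` under `#ifdef _NPF_PRIVATE` withdraws them from the public libnpf interface without any comment saying so, while the symbols themselves presumably remain in the library. A one-line comment above the moved prototypes, `/* npfctl-only interfaces: not part of the public API, no stability guarantee. */`, would document the intent for anyone who finds them in the exported symbol list. If libnpf is built as a shared library, dropping public declarations may also warrant a library version bump, which this commit does not touch.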
@@ -458,6 +458,7 @@ npfctl_reload(u_long cmd, void *data) npf_tableset_t *tblset = NULL; npf_ruleset_t *rlset = NULL; npf_ruleset_t *nset = NULL; + uint32_t ver = 0; bool flush; int error; @@ -470,8 +471,13 @@ npfctl_reload(u_long cmd, void *data) npf_dict = (prop_dictionary_t)pref; #endif - /* Dictionary for error reporting. */ + /* Dictionary for error reporting and version check. */ errdict = prop_dictionary_create(); + prop_dictionary_get_uint32(npf_dict, "version", &ver); + if (ver != NPF_VERSION) { + error = EPROGMISMATCH; + goto fail; + } /* NAT policies. */ nset = npf_ruleset_create(); @@ -720,6 +726,7 @@ npfctl_table(void *data) case NPF_IOCTL_TBLENT_LOOKUP: error = npf_table_lookup(tblset, nct->nct_tid, nct->nct_data.ent.alen, &nct->nct_data.ent.addr); + break; case NPF_IOCTL_TBLENT_ADD: error = npf_table_insert(tblset, nct->nct_tid, nct->nct_data.ent.alen, &nct->nct_data.ent.addr, diff --git a/usr.sbin/npf/npfctl/npf.conf.5 b/usr.sbin/npf/npfctl/npf.conf.5 index f6e35b0eecdb..15ab18f6c785 100644 --- a/usr.sbin/npf/npfctl/npf.conf.5 +++ b/usr.sbin/npf/npfctl/npf.conf.5 @@ -1,4 +1,4 @@ -.\" $NetBSD: npf.conf.5,v 1.25 2012/12/06 22:36:51 rmind Exp $ +.\" $NetBSD: npf.conf.5,v 1.26 2012/12/23 21:01:04 rmind Exp $ .\" .\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 6, 2012 +.Dd December 23, 2012 .Dt NPF.CONF 5 .Os .Sh NAME @@ -98,9 +98,11 @@ The file should contain a list of IP addresses and/or networks in the form of: Tables of type "hash" can only contain IP addresses. .Ss Interfaces Interfaces can be specified as the values of the variables: +.Pp .Bd -literal $pub_if_list = { ifnet(wm0), ifnet(wm1) } .Ed +.Pp In the context of filtering, an interface provides a list of its all IP addresses, including IPv4 and IPv6. Specific interface addresses can be selected by the family, e.g.: 
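Review bot: The version check added to npfctl_reload depends on `ver` staying 0 when `prop_dictionary_get_uint32` fails (key missing or not a uint32), which the unchecked call leaves implicit; a comment would make that deliberate: `/* A missing or mistyped "version" leaves ver == 0 and is rejected as well. */`. The `goto fail` now runs before nset, rlset and tblset are created; they are initialised to NULL in the declaration hunk above, so this is sound provided the fail path tolerates NULL pointers, which lies outside the hunk. Since errdict already exists at this point, recording the expected and received version in it (in whatever form the existing error reporting uses) would let npfctl explain a tool/kernel mismatch instead of a bare EPROGMISMATCH. npfctl_reload continues beyond the hunk.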
@@ -285,6 +287,7 @@ map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if 9022 procedure "log" { # Note: npf_ext_log kernel module should be loaded, if not built-in. + # Also, the interface created, e.g.: ifconfig npflog0 create log: npflog0 } diff --git a/usr.sbin/npf/npfctl/npf_build.c b/usr.sbin/npf/npfctl/npf_build.c index e0fa3df36962..d3c28e139175 100644 --- a/usr.sbin/npf/npfctl/npf_build.c +++ b/usr.sbin/npf/npfctl/npf_build.c @@ -1,4 +1,4 @@ -/* $NetBSD: npf_build.c,v 1.16 2012/12/10 02:26:04 rmind Exp $ */ +/* $NetBSD: npf_build.c,v 1.17 2012/12/23 21:01:04 rmind Exp $ */ /*- * Copyright (c) 2011-2012 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ */ #include -__RCSID("$NetBSD: npf_build.c,v 1.16 2012/12/10 02:26:04 rmind Exp $"); +__RCSID("$NetBSD: npf_build.c,v 1.17 2012/12/23 21:01:04 rmind Exp $"); #include #include @@ -617,7 +617,8 @@ npfctl_fill_table(nl_table_t *tl, u_int type, const char *fname) } /* Create and add a table entry. */ - npf_table_add_entry(tl, alen, &fam.fam_addr, fam.fam_mask); + npf_table_add_entry(tl, fam.fam_family, + &fam.fam_addr, fam.fam_mask); } if (buf != NULL) { free(buf); diff --git a/usr.sbin/npf/npfctl/npfctl.c b/usr.sbin/npf/npfctl/npfctl.c index 43bcd245c001..665c55c2060f 100644 --- a/usr.sbin/npf/npfctl/npfctl.c +++ b/usr.sbin/npf/npfctl/npfctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: npfctl.c,v 1.25 2012/12/10 02:26:04 rmind Exp $ */ +/* $NetBSD: npfctl.c,v 1.26 2012/12/23 21:01:04 rmind Exp $ */ /*- * Copyright (c) 2009-2012 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__RCSID("$NetBSD: npfctl.c,v 1.25 2012/12/10 02:26:04 rmind Exp $"); +__RCSID("$NetBSD: npfctl.c,v 1.26 2012/12/23 21:01:04 rmind Exp $"); #include #include @@ -294,7 +294,7 @@ again: errx(EXIT_FAILURE, "invalid CIDR '%s'", arg); } nct.nct_data.ent.alen = alen; - memcpy(&nct.nct_data.ent.addr, &fam.fam_addr, sizeof(npf_addr_t)); + memcpy(&nct.nct_data.ent.addr, &fam.fam_addr, alen); nct.nct_data.ent.mask = fam.fam_mask; }
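Review bot: The rewritten call `npf_table_add_entry(tl, fam.fam_family, &fam.fam_addr, fam.fam_mask);` in npfctl_fill_table still discards the return value, and with this commit the function can return EINVAL for a family other than AF_INET/AF_INET6 (in addition to ENOMEM), so such an entry would silently vanish from the table. Check it and fail loudly, using the file's usual error reporting, e.g. `if (npf_table_add_entry(tl, fam.fam_family, &fam.fam_addr, fam.fam_mask) != 0)` followed by `errx(EXIT_FAILURE, "%s: cannot add table entry", fname);`. The surrounding loop and the origin of `fam` are outside the hunk.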
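Review bot: The memcpy into `nct.nct_data.ent.addr` is now bounded by `alen` instead of `sizeof(npf_addr_t)`, so the bytes past `alen` are no longer written; unless `nct` is zero-initialised earlier (outside the hunk), the kernel receives whatever was on the stack there. That is harmless only if the kernel side never reads beyond `alen`, which cannot be confirmed from this hunk; clearing the field first, `memset(&nct.nct_data.ent.addr, 0, sizeof(nct.nct_data.ent.addr));`, or keeping the full-size copy removes the dependency. The derivation of `alen` is also outside the hunk; a guard such as `assert(alen <= sizeof(npf_addr_t));` before the copy documents the invariant the shorter length now relies on.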