>that is part of why there are actually three copies of the iptables code in the kernel.
_Four_ of them: ip, ip6, arp, eb.
And the kickoff for the mess is that someone decided to do a parallel copy, from struct ipt_ip to ip6t_ip6 instead of creating a higher level that could contain either ipt or ip6t as sub-data. (E.g. footabels -m ip6t) Then lots of the table management mess could have been avoided.