There is a packet filter interface (pfil) in the kernel that allows a pseudo
device to intercept ip packets with pfil_add_hook.  Does it make sense to
extend this to capture ARP packets as well as IP packets?  pfil_add_hook
could take a flag to specify which list of hooks you want to add yourself
to - PFIL_IPIN, PFIL_IPOUT, PFIL_ARPIN, and PFIL_ARPOUT (just like the
direction flag now).  I figured I could copy the for loop idea from
ip_input/output to in_arpinput/output and add some arp stuff to the
pfil.c/pfil.h.

Mostly I'm asking because I have written (with help from David Maxwell) a
pseudo device for the kernel that uses the pfil_add_hook to let me play with
packets as they come in and go out (for a project at work), but I also need
to play with ARP.  Should I just hack the ARP for my own purposes, or does a
pfil type interface for arp make sense that I could submit as a PR when I'm
done?

I'm very new to the kernel so I just wanted to get an idea as to whether or
not this is a good way to go ;o)

Thanks!  Mike.