>The KAME ipsec code appears to overload the m->m_pkthdr.rcvif packet
>header field for output; in particular, a "struct socket *" is stuffed
>into that pointer instead of a "struct ifnet *".
>This is somewhat unclean, and also makes it somewhat more difficult to
>implement hot-swappable network interfaces (one piece of the ifdetach
>work involves reference counting interfaces so you know when it's safe
>to delete one).
>The chance confusing an "inbound" packet (with a struct ifnet *) and
>an "outbound" one (with a "struct socket") seems rather high.
>How about adding a "snd_so" field to m_pkthdr?

	KAME team has been using the field as workaround.  We did not want
	to add extra argument just for this (ipsec policy engine is still
	under much of discussion so we may need to change this later again).

	I totally agree that it is cleaner to add field to struct mbuf,
	however, I really hesitate to add member into mbuf, as in many
	case the usable data size in mbuf matters.  on architectures
	with sizeof(void *) == 4, MHLEN will be 100 and this captures
	short packets, which are commonly used in tcp ack and others.
	We may want to increase MSIZE into 256 (even on non-64bit arch) if
	we need to add more fields.

	I welcome comments from others...

itojun