Hi folks...

I'm working on a project (a packet classification framework) that uses
the PFIL_HOOKS mechanism.  However, the placement of the PFIL_HOOKS
filtering points is problematic.

Specifically, the filtering point is located *after* the ip_len and
ip_off fields are converted to host order in the ip_input() case, and
*before* they are converted to network byte order in the ip_output()
case.

I would like to change this (I have changed this in my own source
tree) ... compatibility can be maintained with a wrapper function
for the only current user of the PFIL_HOOKS mechanism (IP Filter) (in
fact, I am already using a wrapper function for IP Filter for another
reason, which I will post about later).

I'd like to get other people's opinion on this before I commit it
to NetBSD-current.

Note I haven't fixed the ip_output() case yet (which is simply a
known bug with my project :-) -- that path is a little tricker, but
before I put all that effort into it, I wanna get people's thoughts.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>

Index: ip_input.c
===================================================================
RCS file: /cvsroot/syssrc/sys/netinet/ip_input.c,v
retrieving revision 1.119
diff -c -r1.119 ip_input.c
*** ip_input.c	2000/10/13 01:50:04	1.119
--- ip_input.c	2000/11/07 03:53:40
***************
*** 414,425 ****
  		goto bad;
  	}
  
! 	/*
! 	 * Convert fields to host representation.
! 	 */
! 	NTOHS(ip->ip_len);
! 	NTOHS(ip->ip_off);
! 	len = ip->ip_len;
  
  	/*
  	 * Check for additional length bogosity
--- 414,421 ----
  		goto bad;
  	}
  
! 	/* Retrieve the packet length. */
! 	len = ntohs(ip->ip_len);
  
  	/*
  	 * Check for additional length bogosity
***************
*** 480,485 ****
--- 476,487 ----
  			ip = mtod(m, struct ip *);
  		}
  #endif /* PFIL_HOOKS */
+ 
+ 	/*
+ 	 * Convert fields to host representation.
+ 	 */
+ 	NTOHS(ip->ip_len);
+ 	NTOHS(ip->ip_off);
  
  	/*
  	 * Process options and, if not destined for us,