Subject: Re: placement of PFIL_HOOKS filtering points
To: None <thorpej@zembu.com>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 11/08/2000 00:28:25
In some email I received from Jason R Thorpe, sie wrote:
> Hi folks...
> 
> I'm working on a project (a packet classification framework) that uses
> the PFIL_HOOKS mechanism.  However, the placement of the PFIL_HOOKS
> filtering points is problematic.
> 
> Specifically, the filtering point is located *after* the ip_len and
> ip_off fields are converted to host order in the ip_input() case, and
> *before* they are converted to network byte order in the ip_output()
> case.
> 
> I would like to change this (I have changed this in my own source
> tree) ... compatibility can be maintained with a wrapper function
> for the only current user of the PFIL_HOOKS mechanism (IP Filter) (in
> fact, I am already using a wrapper function for IP Filter for another
> reason, which I will post about later).
> 
> I'd like to get other people's opinion on this before I commit it
> to NetBSD-current.
> 
> Note I haven't fixed the ip_output() case yet (which is simply a
> known bug with my project :-) -- that path is a little trickier, but
> before I put all that effort into it, I wanna get people's thoughts.

Hmm.

What about if a pfil hook is called from elsewhere (say ICMP), gets
the mbuf passed and tries to run a BPF filter over the IP + ICMP
header?  Or should that filter never look at the IP header?

You haven't mentioned why you want them in network byte order, here,
but if you're using BPF for the filtering, I have to wonder whether
this is beneficial.  The alternative of changing BPF isn't attractive
either.

Darren
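
To make the byte-order question in this thread concrete, the following is an added example, not part of the original message or of NetBSD or IP Filter code. It models a BPF-style 16-bit load (which reads packet bytes in network order) over an IPv4 header as it is on the wire, and over the same header after ip_len and ip_off have been converted to host order in place. Assumptions: a little-endian host is simulated explicitly, the helper names are hypothetical, and the header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* BPF "ldh [k]" semantics: a 16-bit load reads the packet bytes in
 * network (big-endian) order, whatever the host CPU is. */
static uint16_t bpf_ldh(const uint8_t *pkt, size_t k)
{
    return (uint16_t)((pkt[k] << 8) | pkt[k + 1]);
}

/* Store a 16-bit value as a little-endian host keeps it in memory
 * (assumption: models the in-place conversion to host order). */
static void store_host_le(uint8_t *p, uint16_t v)
{
    p[0] = (uint8_t)(v & 0xff);
    p[1] = (uint8_t)(v >> 8);
}

/* Constructed sample: 20-byte IPv4 header as on the wire (checksum left 0).
 * ip_len = 84 (0x0054) at offset 2, ip_off = DF (0x4000) at offset 6. */
static const uint8_t wire_hdr[20] = {
    0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x40, 0x00,
    0x40, 0x01, 0x00, 0x00, 192, 0, 2, 1,
    192, 0, 2, 2
};

/* The header as a hook sees it once ip_len and ip_off are in host order. */
static void to_host_order_view(uint8_t *dst)
{
    memcpy(dst, wire_hdr, sizeof(wire_hdr));
    store_host_le(dst + 2, bpf_ldh(wire_hdr, 2));
    store_host_le(dst + 6, bpf_ldh(wire_hdr, 6));
}

/* Filter "ip_len <= 1500 and DF set", written against the wire format. */
static int filter_match(const uint8_t *hdr)
{
    return bpf_ldh(hdr, 2) <= 1500 && (bpf_ldh(hdr, 6) & 0x4000) != 0;
}

int main(void)
{
    uint8_t host_view[20];
    to_host_order_view(host_view);
    printf("wire: len=%u match=%d\n", (unsigned)bpf_ldh(wire_hdr, 2), filter_match(wire_hdr));
    printf("host: len=%u match=%d\n", (unsigned)bpf_ldh(host_view, 2), filter_match(host_view));
    return 0;
}
```

The same filter gives different verdicts on the two views, so a classifier has to know which byte order the filtering point hands it.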