A step in resolving mess with byte ordering for AF_INET. After this change:

  - All packets in NETISR_IP queue are in net byte order.
  - ip_input() is entered in net byte order and converts packet
    to host byte order right _after_ processing pfil(9) hooks.
  - ip_output() is entered in host byte order and converts packet
    to net byte order right _before_ processing pfil(9) hooks.
  - ip_fragment() accepts and emits packet in net byte order.
  - ip_forward(), ip_mloopback() use host byte order (untouched actually).
  - ip_fastforward() no longer modifies packet at all (except ip_ttl).
  - Swapping of byte order there and back removed from the following modules:
    pf(4), ipfw(4), enc(4), if_bridge(4).
  - Swapping of byte order added to ipfilter(4), based on __FreeBSD_version
  - __FreeBSD_version bumped.
  - pfil(9) manual page updated.

Reviewed by:	ray, luigi, eri, melifaro
Tested by:	glebius (LE), ray (BE)

1 files changed, 0 insertions, 15 deletions

diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c
index cc516d7..efd3fc7 100644
--- a/sys/net/if_enc.c
+++ b/sys/net/if_enc.c
@@ -270,23 +270,8 @@ ipsec_filter(struct mbuf **mp, int dir, int flags)
 	switch (ip->ip_v) {
 #ifdef INET
 		case 4:
-			/*
-			 * before calling the firewall, swap fields the same as
-			 * IP does. here we assume the header is contiguous
-			 */
-			ip->ip_len = ntohs(ip->ip_len);
-			ip->ip_off = ntohs(ip->ip_off);
-
 			error = pfil_run_hooks(&V_inet_pfil_hook, mp,
 			    encif, dir, NULL);
-
-			if (*mp == NULL || error != 0)
-				break;
-
-			/* restore byte ordering */
-			ip = mtod(*mp, struct ip *);
-			ip->ip_len = htons(ip->ip_len);
-			ip->ip_off = htons(ip->ip_off);
 			break;
 #endif
 #ifdef INET6