I am trying to implement a pfil so which taps into any outgoing http packet . I have registered the outgoing hook to IP 
layer . In the out hook I am able to extract data (source & destination ip addr & port nos. using mtod from IP & TCP 
headers present in mbuf . I am able to intercept all the phrelay/qconn packets being exchanged . But I am not able to 
intercept any http packet when I invoke the browser and open any webpage . I dont get any trace in sloginfo with 
destination port as 80 which http uses . 

Please provide any pointers as to whats required to intercept a http request packet in pfil  .

Below is a code snippet for reference : 

struct pfil_head *pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
pfil_add_hook(output_hook, NULL, PFIL_OUT | PFIL_WAITOK,pfh_inet);

static int output_hook(void *arg, struct mbuf **m,
                       struct ifnet *ifp, int dir)
{
    out_bytes += (*m)->m_len;
    struct mbuf* trav = (*m);
do{
	short mbuf_type = trav->m_type;
    int mbuf_length = 0;
    mbuf_length = trav->m_len;
    int mbuf_flags = trav->m_flags;

    slogf( _SLOG_SETCODE(_SLOGC_TEST, 2),
            	           _SLOG_ERROR,
            	           "in our output_hook() mbuf len:%d type:%d flags:%d",
            	           	   	   	   	   	   mbuf_length,mbuf_type,mbuf_flags);

    // found a packet header mbuf
    if(M_PKTHDR == mbuf_flags && MT_HEADER == mbuf_type )
    {
    	struct	pkthdr pkthdr_data = trav->m_pkthdr;
    	slogf( _SLOG_SETCODE(_SLOGC_TEST, 2),
							   _SLOG_ERROR,
							   "in our output_hook() packet hdr len:%d csumflags:%d csumdata:%u segsize:%u",							   pkthdr_data.len,
pkthdr_data.csum_flags,pkthdr_data.csum_data,pkthdr_data.segsz);
}
    // found a data packet mbuf but where is it ???
    if(mbuf_length > 0 )
    {
    	struct ip *ipheader = NULL;
    	ipheader = mtod(trav,struct ip *);

        // lookout for TCP packets
        if(ipheader && (IPPROTO_TCP == ipheader->ip_p))
        {
        	slogf( _SLOG_SETCODE(_SLOGC_TEST, 2),_SLOG_ERROR,
        	    						"in our output_hook() source ip : %d:%d:%d:%d",
        	    						(int)(ipheader->ip_src.s_addr&0xFF),
        	    						(int)((ipheader->ip_src.s_addr&0xFF00)>>8),
        	    						(int)((ipheader->ip_src.s_addr&0xFF0000)>>16),
        	    						(int)((ipheader->ip_src.s_addr&0xFF000000)>>24));


        	slogf( _SLOG_SETCODE(_SLOGC_TEST, 2),_SLOG_ERROR,
        	        	    	 	"in our output_hook() dest ip : %d:%d:%d:%d",
        	        	    	 	(int)(ipheader->ip_dst.s_addr&0xFF),
									(int)((ipheader->ip_dst.s_addr&0xFF00)>>8),
									(int)((ipheader->ip_dst.s_addr&0xFF0000)>>16),
									(int)((ipheader->ip_dst.s_addr&0xFF000000)>>24));

        	slogf( _SLOG_SETCODE(_SLOGC_TEST, 2),_SLOG_ERROR,
        	        	        	    	 	"in our output_hook() version : %d hdrl : %d length : %d",
        	        	        	    	 	ipheader->ip_v,ipheader->ip_hl,ipheader->ip_len);


        	// offset to the tcp header which follows the ip header
        	struct tcphdr *tcpheader = NULL;
        	int iphdrsize = sizeof(struct ip);
        	tcpheader= (struct tcphdr *)((void *)ipheader + iphdrsize);

          
            if(tcpheader)
        	{
        		slogf( _SLOG_SETCODE(_SLOGC_TEST, 2),_SLOG_ERROR,
        		        	"in our output_hook() source port : %d dest port : %d",
        		        	  ntohs(tcpheader->th_sport),ntohs(tcpheader->th_dport));
        	}
        }
    }
    // go to next buf in chain
   trav=trav->m_next;
}while(NULL != trav);

TIA
Atish