Packet tagging

attach and read mbuf (packet) tags
filter decisions can store (simple) information accross interfaces
e.g. add tag 'came in on $int_if' on internal interface, then match packets with such tags on other interfaces
other parts of the stack can attach and read tags
e.g. bridge can filter on MAC address and add tags, pf can filter based on bridge tags and IP level criteria
and pf added tags can be used by other components (obviously altq, but also ipsec)