pflog overhaul

pflog was logging the "wrong" as in not yet rewritten (nat/rdr) addresses.
to address this without making an extra copy of the mbuf chain:
-introduce bpf_mtap_pflog, which is a 1:1 copy of bpf_mtap_hdr, except that
it supplies bpf_catchpacket with pflog_bpfcopy as copy function instead of
plain bcopy
-said new shiny pflog_bpfcopy knows what a pflog packet looks like, copies
everything into bpf's buffer, contructs a fake mbuf (which is allocated once
at attach time and reused over and over) which points to the bpf buffer
as data storage
-call pf_setup_pdesc on said fake mbuf
-then call pf_translate to rewrite the addresses as needed right in the
bpf buffer
this changes the pflog header as we have to pass the new addresses/ports
around. relies on canacar's awesome work in libpcap to work olrite with the
new, longer pflog header as well as with the old, shorter one.
almost completely written at c2k10 in canada, finished here at j2k10 in
japan. ok ryan dlg

1 files changed, 2 insertions, 1 deletions

diff --git a/sys/net/bpf.h b/sys/net/bpf.h
index e6fd3478dfb..b3590edf9ed 100644
--- a/sys/net/bpf.h
+++ b/sys/net/bpf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bpf.h,v 1.39 2010/06/26 16:49:01 henning Exp $	*/
+/*	$OpenBSD: bpf.h,v 1.40 2010/09/21 04:06:37 henning Exp $	*/
 /*	$NetBSD: bpf.h,v 1.15 1996/12/13 07:57:33 mikel Exp $	*/
 
 /*
@@ -273,6 +273,7 @@ void	 bpf_mtap(caddr_t, struct mbuf *, u_int);
 void	 bpf_mtap_hdr(caddr_t, caddr_t, u_int, struct mbuf *, u_int);
 void	 bpf_mtap_af(caddr_t, u_int32_t, struct mbuf *, u_int);
 void	 bpf_mtap_ether(caddr_t, struct mbuf *, u_int);
+void	 bpf_mtap_pflog(caddr_t, caddr_t, struct mbuf *);
 void	 bpfattach(caddr_t *, struct ifnet *, u_int, u_int);
 void	 bpfdetach(struct ifnet *);
 void	 bpfilterattach(int);