more Dragons!
we broke more on the way...

pflog
pflog passes the mbuf up to bpf with a pflog header prepended
old NAT code rewrote the packet early and often
    slow!
    horribly complex if we had to undo it (e.g. icmp err reply)
now we don't...
and passed the UNMODIFIED packet up for logging
and nobody noticed, for at least a year!?!