pflog_bpfcopy


grabs pflog header with extra info
last not least: new addresses/ports after NAT

copies all data

makes up a fake mbuf, pointing to the bpf buffer for data storage
same mbuf recycled all the time, for performance

calls pf_translate
after some magic... pf_setup_pdesc, monster refactoring