On Wed, Dec 02, 2015 at 01:35:10PM +0100, Patrik Lundin wrote: > On Wed, Dec 02, 2015 at 12:45:26PM +0100, Alessandro Baggi wrote: > > Hi list, > > I don't know how to start to make Deep Packet Inspection. My interest is > > OpenBSD and pf related. > > > > Anyone has already used on OpenBSD? It is possibile on OpenBSD with shipped > > (base/ports) software? > > > > Every tips are appreciated. > > > > You might want to read divert(4) which describes how to pass packets > from pf to a userland application and back.
Yep, maybe a way to go would be divert -> some userland app like dnsfilter[1] but using ndpi code from ntop to just filter based on detected protocol. [1] http://sha256.net/dnsfilter/ j.