Re: OpenBSD + pf + DPI

2015-12-03 Thread Romain FABBRI
I don't understand your purpose.

What specific protocols would you like to inspect deeply?

Because there is no complete base/ports solution that I am aware of.
And the idea sounds crazy.

Some vendors have filters/plugins/proxies that are application aware...
And they're often disabled by admins because they make applications that
don't comply strictly fail.


-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of
Alessandro Baggi
Sent: Wednesday, 2 December 2015 12:45
To: misc@openbsd.org
Subject: OpenBSD + pf + DPI

Hi list,
I don't know how to start to make Deep Packet Inspection. My interest is
OpenBSD and pf related.

Has anyone already used it on OpenBSD? Is it possible on OpenBSD with shipped
(base/ports) software?

Any tips are appreciated.

Thanks in advance.



Re: OpenBSD + pf + DPI

2015-12-02 Thread Alessandro Baggi
I'm not searching for an all-in-one software solution for DPI, but asking if
there is some software in base/ports to accomplish this purpose and
if someone has configured a solution with OBSD for DPI (personal
experiences). My question is malformed, sorry.



On 02/12/2015 13:25, Romain FABBRI wrote:

I don't understand your purpose.

What specific protocols would you like to inspect deeply?

Because there is no complete base/ports solution that I am aware of.
And the idea sounds crazy.

Some vendors have filters/plugins/proxies that are application aware...
And they're often disabled by admins because they make applications that
don't comply strictly fail.


-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of
Alessandro Baggi
Sent: Wednesday, 2 December 2015 12:45
To: misc@openbsd.org
Subject: OpenBSD + pf + DPI

Hi list,
I don't know how to start to make Deep Packet Inspection. My interest is
OpenBSD and pf related.

Has anyone already used it on OpenBSD? Is it possible on OpenBSD with shipped
(base/ports) software?

Any tips are appreciated.

Thanks in advance.




Re: OpenBSD + pf + DPI

2015-12-02 Thread Giancarlo Razzolini
On 02-12-2015 12:56, Alessandro Baggi wrote:
> I'm not searching for an all-in-one software solution for DPI, but asking if
> there is some software in base/ports to accomplish this purpose and
> if someone has configured a solution with OBSD for DPI (personal
> experiences). My question is malformed, sorry.

Take a look at bro. It's on ports.

Cheers,
Giancarlo Razzolini



Re: OpenBSD + pf + DPI

2015-12-02 Thread Jiri B
On Wed, Dec 02, 2015 at 01:35:10PM +0100, Patrik Lundin wrote:
> On Wed, Dec 02, 2015 at 12:45:26PM +0100, Alessandro Baggi wrote:
> > Hi list,
> > I don't know how to start to make Deep Packet Inspection. My interest is
> > OpenBSD and pf related.
> > 
> > Has anyone already used it on OpenBSD? Is it possible on OpenBSD with shipped
> > (base/ports) software?
> > 
> > Any tips are appreciated.
> > 
> 
> You might want to read divert(4) which describes how to pass packets
> from pf to a userland application and back.

Yep, maybe a way to go would be divert -> some userland app like dnsfilter[1]
but using ndpi code from ntop to just filter based on detected protocol.

[1] http://sha256.net/dnsfilter/

j.



Re: OpenBSD + pf + DPI

2015-12-02 Thread Patrik Lundin
On Wed, Dec 02, 2015 at 12:45:26PM +0100, Alessandro Baggi wrote:
> Hi list,
> I don't know how to start to make Deep Packet Inspection. My interest is
> OpenBSD and pf related.
> 
> Has anyone already used it on OpenBSD? Is it possible on OpenBSD with shipped
> (base/ports) software?
> 
> Any tips are appreciated.
> 

You might want to read divert(4) which describes how to pass packets
from pf to a userland application and back.

-- 
Patrik Lundin
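
The divert(4) route suggested here, combined with the dnsfilter-style idea from the other reply, as an added example that is not code from any poster or from dnsfilter itself: pf diverts UDP DNS queries to a userland process, which reinjects them unless the query name falls under a blocked domain. The pf rule, interface em0, divert port 700 and the name blocked.example are assumptions, and a plain suffix match stands in for nDPI.

```c
/* Added example. Assumed pf.conf rule (em0 and port 700 are placeholders):
 *   pass out on em0 inet proto udp to port 53 divert-packet port 700 */
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
#include <strings.h>

static const char BLOCKED[] = "blocked.example";   /* constructed name */

/* 1 = reinject, 0 = drop; pkt is a whole IPv4 packet read from divert(4). */
int allow_packet(const unsigned char *pkt, size_t len)
{
    char name[256];
    size_t n = 0, b = sizeof(BLOCKED) - 1;
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != IPPROTO_UDP)
        return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, i = ihl + 8 + 12; /* IP+UDP+DNS */
    if (ihl < 20 || len <= i)
        return 0;
    for (size_t l; (l = pkt[i++]) != 0; i += l, n += l + 1) {   /* each label */
        if (l > 63 || i + l >= len || n + l + 1 >= sizeof(name))
            return 0;               /* pointer, truncated or overlong: drop */
        memcpy(name + n, pkt + i, l);
        name[n + l] = '.';
    }
    n -= (n > 0);                   /* ignore the trailing dot */
    if (n >= b && strncasecmp(name + n - b, BLOCKED, b) == 0 &&
        (n == b || name[n - b - 1] == '.'))
        return 0;                   /* BLOCKED itself or a subdomain */
    return 1;
}

int main(void)
{
#ifdef IPPROTO_DIVERT               /* defined where divert(4) exists */
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(700) };
    unsigned char buf[65535];
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd == -1 || bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1)
        return 1;
    for (;;) {                      /* packets not sent back are dropped */
        socklen_t sl = sizeof(sin);
        ssize_t r = recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&sin, &sl);
        if (r > 0 && allow_packet(buf, (size_t)r))
            sendto(fd, buf, (size_t)r, 0, (struct sockaddr *)&sin, sl);
    }
#endif
    return 0;
}
```

A per-packet check like this is only sound for protocols that fit in one datagram; DNS over TCP never matches the assumed rule, and stream protocols need per-flow state before a verdict can be made.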



Re: OpenBSD + pf + DPI

2015-12-02 Thread Stuart Henderson
On 2015-12-02, Alessandro Baggi wrote:
> Hi list,
> I don't know how to start to make Deep Packet Inspection. My interest is
> OpenBSD and pf related.
>
> Has anyone already used it on OpenBSD? Is it possible on OpenBSD with
> shipped (base/ports) software?
>
> Any tips are appreciated.
>
> Thanks in advance.
>
>

You can inspect packets deeply with tcpdump(1)...

Without more information about what you want to do, this isn't really
something anyone can answer sensibly.