Hi misc@, so I have been working on a BSD licensed DPI engine. It's a very lightweight, non-intrusive approach and I know that teasers are boring, but I'd like to know if it's worth the time to work on inclusion for pf(4). So far I have about 25 supported applications and the necessary hooks for the pf.conf(5) parts.
The idea is first packet on each side only, no content extraction. It's not meant to be completely accurate, but it might be a good addition to the feature set of pf(4) nonetheless. I have two blog posts with code, and more coming if anyone is interested. Regards, Franco
