Franco Fichtner <slashy83 <at> gmail.com> writes: > so I have been working on a BSD licensed DPI engine. It's a > very lightweight, non-intrusive approach and I know that teasers > are boring, but I'd like to know if it's worth the time to > work on inclusion for pf(4). So far I have about 25 supported > applications and the necessary hooks for the pf.conf(5) parts.
If DPI stands for Deep Packet Inspection, than (afaik) it was discussed before: this kind of inspection is too complex to put into a kernel. relayd already supports L7 filtering at least for http, so if something is to be improved in this area, relayd is better place, imo.