{"id":15148641,"url":"https://github.com/huhndev/gofilter","last_synced_at":"2026-05-18T01:39:39.053Z","repository":{"id":231743162,"uuid":"744956092","full_name":"huhndev/gofilter","owner":"huhndev","description":"OpenBSD PF string filter using divert(4).","archived":false,"fork":false,"pushed_at":"2026-03-24T20:15:18.000Z","size":22,"stargazers_count":2,"open_issues_count":3,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-03-26T01:37:49.914Z","etag":null,"topics":["firewall","golang","openbsd","pf"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/huhndev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-01-18T10:52:31.000Z","updated_at":"2026-03-24T20:15:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"4c89263f-5905-45b3-876e-2a5acc7f6534","html_url":"https://github.com/huhndev/gofilter","commit_stats":{"total_commits":3,"total_committers":1,"mean_commits":3.0,"dds":0.0,"last_synced_commit":"631c9c1e8e21c30e286465155553bea1515f7762"},"previous_names":["huhnsystems/gostrings","huhndev/gofilter"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/huhndev/gofilter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhndev%2Fgofilter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhndev%2Fgofilter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhndev%2Fgofilter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhndev%2Fgofilter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/huhndev","download_url":"https://codeload.github.com/huhndev/gofilter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhndev%2Fgofilter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33162111,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T22:39:12.733Z","status":"ssl_error","status_checked_at":"2026-05-17T22:39:10.741Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firewall","golang","openbsd","pf"],"created_at":"2024-09-26T13:21:22.737Z","updated_at":"2026-05-18T01:39:39.010Z","avatar_url":"https://github.com/huhndev.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ccode\u003egofilter\u003c/code\u003e is a string filter for PF on OpenBSD using divert(4). \n\u003c/p\u003e\n\n#\n\n### Main Features\n\n- Filters packets based on strings\n- No noticeable degradation of latency\n- 30% of the original bandwidth available\n\n#\n\n\u003e [!IMPORTANT]\n\u003e `gofilter` is pre-alpha software.\n\n***\n\n### Usage\n\n```\nUsage of gofilter:\n  -f string\n        strings to filter, comma separated\n  -p int\n        divert socket listening port (default 700)\n```\n\n`gofilter` makes use of the kernel packet diversion mechanism [divert(4)].\nTherefore, PF has to be configured accordingly. For example to filter inbound\nDNS traffic:\n\n```\npass in proto udp to any port 53 divert-packet port 700\n```\n\n### Caveats\n\n\u003e [!CAUTION]\n\u003e TCP segmentation offload will need to be disabled for the filter to not choke on\n\u003e large TCP packets:\n\u003e\n\u003e ```\n\u003e sysctl net.inet.tcp.tso=0\n\u003e ```\n\n\u003e [!CAUTION]\n\u003e IPv6 is currently broken at all.\n\n### Performance\n\n- `gofilter` reduces the available bandwidth down to 30%\n- `gofilter` worsens the reliability of the traffic, as the standard deviation of the\n  available bandwidth is very high\n\n```\n# Without gofilter\nbandwidth min/avg/max/std-dev = 927.681/934.177/935.895/2.475 Mbps\n\n# gofilter, without filter\nbandwidth min/avg/max/std-dev = 0.023/310.585/925.562/293.994 Mbps\n\n# gofilter, 1 filter\nbandwidth min/avg/max/std-dev = 0.000/308.867/935.003/282.638 Mbps\n\n# gofilter, 2 filter\nbandwidth min/avg/max/std-dev = 0.023/313.504/916.121/261.767 Mbps\n\n# gofilter, 10 filter\nbandwidth min/avg/max/std-dev = 0.092/315.832/910.908/264.350 Mbps\n```\n\n### License\n\nThe package may be used under the terms of the ISC License a copy of\nwhich may be found in the file [LICENSE].\n\nUnless you explicitly state otherwise, any contribution submitted for inclusion\nin the work by you shall be licensed as above, without any additional terms or\nconditions.\n\n[LICENSE]: https://github.com/huhndev/gofilter/blob/master/LICENSE\n[divert(4)]: https://man.openbsd.org/divert.4\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhuhndev%2Fgofilter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhuhndev%2Fgofilter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhuhndev%2Fgofilter/lists"}