{"id":26351209,"url":"https://github.com/huhnsystems/gofilter","last_synced_at":"2025-03-16T10:19:42.477Z","repository":{"id":231743162,"uuid":"744956092","full_name":"huhnsystems/gofilter","owner":"huhnsystems","description":"OpenBSD PF string filter using divert(4).","archived":false,"fork":false,"pushed_at":"2025-03-15T08:35:03.000Z","size":18,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-15T09:22:33.377Z","etag":null,"topics":["firewall","golang","openbsd","pf"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/huhnsystems.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-18T10:52:31.000Z","updated_at":"2025-03-15T08:35:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"4c89263f-5905-45b3-876e-2a5acc7f6534","html_url":"https://github.com/huhnsystems/gofilter","commit_stats":{"total_commits":3,"total_committers":1,"mean_commits":3.0,"dds":0.0,"last_synced_commit":"631c9c1e8e21c30e286465155553bea1515f7762"},"previous_names":["huhnsystems/gostrings"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhnsystems%2Fgofilter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhnsystems%2Fgofilter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhnsystems%2Fgofilter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huhnsystems%2Fgofilter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/huhnsystems","download_url":"https://codeload.github.com/huhnsystems/gofilter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243853152,"owners_count":20358379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firewall","golang","openbsd","pf"],"created_at":"2025-03-16T10:19:41.871Z","updated_at":"2025-03-16T10:19:42.456Z","avatar_url":"https://github.com/huhnsystems.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ccode\u003egofilter\u003c/code\u003e is a string filter for PF on OpenBSD using divert(4). \n\u003c/p\u003e\n\n#\n\n### Main Features\n\n- Filters packets based on strings\n- No noticeable degradation of latency\n- 30% of the original bandwidth available\n\n#\n\n\u003e [!IMPORTANT]\n\u003e `gofilter` is pre-alpha software.\n\n\u003e [!NOTE]\n\u003e In [CHANGELOG.md] you can follow recent changes.\n\u003e [ROADMAP.md] shows our future plans.\n\n***\n\n### Usage\n\n```\nUsage of gofilter:\n  -f string\n        strings to filter, comma separated\n  -p int\n        divert socket listening port (default 700)\n```\n\n`gofilter` makes use of the kernel packet diversion mechanism [divert(4)].\nTherefore, PF has to be configured accordingly. For example to filter inbound\nDNS traffic:\n\n```\npass in proto udp to any port 53 divert-packet port 700\n```\n\n### Caveats\n\n\u003e [!CAUTION]\n\u003e TCP segmentation offload will need to be disabled for the filter to not choke on\n\u003e large TCP packets:\n\u003e\n\u003e ```\n\u003e sysctl net.inet.tcp.tso=0\n\u003e ```\n\n\u003e [!CAUTION]\n\u003e IPv6 is currently broken at all.\n\n### Performance\n\n- `gofilter` reduces the available bandwidth down to 30%\n- `gofilter` worsens the reliability of the traffic, as the standard deviation of the\n  available bandwidth is very high\n\n```\n# Without gofilter\nbandwidth min/avg/max/std-dev = 927.681/934.177/935.895/2.475 Mbps\n\n# gofilter, without filter\nbandwidth min/avg/max/std-dev = 0.023/310.585/925.562/293.994 Mbps\n\n# gofilter, 1 filter\nbandwidth min/avg/max/std-dev = 0.000/308.867/935.003/282.638 Mbps\n\n# gofilter, 2 filter\nbandwidth min/avg/max/std-dev = 0.023/313.504/916.121/261.767 Mbps\n\n# gofilter, 10 filter\nbandwidth min/avg/max/std-dev = 0.092/315.832/910.908/264.350 Mbps\n```\n\n### Contributing\n\nSee [CONTRIBUTING.md]\n\n### Security\n\nSee [SECURITY.md]\n\n### License\n\nThe package may be used under the terms of the ISC License a copy of\nwhich may be found in the file [LICENSE].\n\nUnless you explicitly state otherwise, any contribution submitted for inclusion\nin the work by you shall be licensed as above, without any additional terms or\nconditions.\n\n[ROADMAP.md]:\nhttps://github.com/huhnsystems/gofilter/blob/master/docs/ROADMAP.md\n[CHANGELOG.md]:\nhttps://github.com/huhnsystems/gofilter/blob/master/docs/CHANGELOG.md\n[CONTRIBUTING.md]:\nhttps://github.com/huhnsystems/gofilter/blob/master/docs/CONTRIBUTING.md\n[SECURITY.md]:\nhttps://github.com/huhnsystems/gofilter/blob/master/docs/SECURITY.md\n[LICENSE]: https://github.com/huhnsystems/gofilter/blob/master/LICENSE\n[divert(4)]: https://man.openbsd.org/divert.4\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhuhnsystems%2Fgofilter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhuhnsystems%2Fgofilter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhuhnsystems%2Fgofilter/lists"}