From owner-freebsd-hackers@FreeBSD.ORG  Mon Nov 25 19:48:39 2013
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 63C46D50
 for <freebsd-hackers@freebsd.org>; Mon, 25 Nov 2013 19:48:39 +0000 (UTC)
Received: from mailb.knobbe.us (mailb.knobbe.us [66.179.102.190])
 by mx1.freebsd.org (Postfix) with SMTP id 30F06247F
 for <freebsd-hackers@freebsd.org>; Mon, 25 Nov 2013 19:48:38 +0000 (UTC)
Received: from localhost (HELO mail.knobbe.us)
 by localhost with SMTP; 25 Nov 2013 13:48:38 -0600
Date: Mon, 25 Nov 2013 13:48:37 -0600
From: Frank Knobbe <frank@knobbe.us>
To: freebsd-hackers <freebsd-hackers@freebsd.org>
Subject: Re: Do pfil(9) hooks receive TCP retransmissions?
Message-ID: <20131125194837.GC75749@knobbe.us>
References: <20131125181232.GB6275@kiwi.coupleofllamas.com>
 <20131125183829.GA75749@knobbe.us>
 <20131125190803.GC6275@kiwi.coupleofllamas.com>
 <20131125192633.GB75749@knobbe.us>
 <20131125194243.GD6275@kiwi.coupleofllamas.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20131125194243.GD6275@kiwi.coupleofllamas.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Nov 2013 19:48:39 -0000

On Mon, Nov 25, 2013 at 11:42:43AM -0800, R. Tyler Croy wrote:
> I don't disagree with you that this might be a large amount of effort.
> Unfortunately I've not found any existing tools that give me the ability to
> create application layer filtering, while still acting as a full transparent
> TCP proxy.
> 
> Performing such filtering in an HTTP proxy is fine, but I'm more interested
> (academically) in filtering traffic transparently across more than just HTTP.

"filtering traffic transparently" sounds like an IPS to me. 
Have you looked at Snort or Suricata (both free IPS software) to perform
the filtering you desire? Perhaps you could build something on top of these?

Cheers,
Frank