NPF -- NetBSD packet filter
NPF is a layer 3 packet filter, supporting IPv4 and IPv6 as well as layer 4 protocols such as TCP, UDP, and ICMP. It was designed with a focus on high performance, scalability, and modularity.
NPF offers the traditional set of features provided by packet filters. Some key features are: Stateful inspection (connection tracking). Network address translation (NAT). This includes static (stateless) and dynamic (stateful) translation, port transla- tion, bi-directional NAT, etc. IPv6-to-IPv6 network prefix translation (NPTv6). Tables for efficient IP sets. Application Level Gateways (e.g., to support traceroute). Use of BPF with just-in-time (JIT) compilation. Rule procedures and a framework for NPF extensions. Traffic normalisation (extension). Packet logging (extension). For a full set of features and their description, see the NPF documenta- tion website and other manual pages.
libnpf(3), bpf(4), bpfjit(4), npf.conf(5), npf-params(7), pcap-filter(7), npfctl(8), npfd(8) NPF project page: NPF documentation website:
NPF was written from scratch in 2009 and is distributed under the 2-clause BSD license. It first appeared in NetBSD 6.0.
NPF was designed and implemented by Mindaugas Rasiukevicius. NetBSD 9.0 August 11, 2019 NetBSD 9.0
