On Tue, Jan 29, 2013 at 12:52 AM, Andres Perera <andre...@zoho.com> wrote: > On Mon, Jan 28, 2013 at 7:43 PM, Bohdan Tashchuk <btashc...@yahoo.com> wrote: >> Hi guys, >> >> For many years, I've read pf and dhcp related threads like, e.g.: >> http://marc.info/?l=openbsd-misc&m=125907434809727&w=2 >> >> Some text from that post: >> "dhcp packets are grabbed by dhclient or dhcpd before pf sees them." >> >> My understanding, based on comments in a number of threads like that, >> is that NO MATTER WHAT IS IN PF RULES, that dhcpd and dhclient should >> both work fine. This is because dhcpd and dhclient both use bpf to >> completely bypass pf. > > when dhclient sends an unicast message, such as when renewing a lease, > it doesn't use bpf fd... it uses a "regular" socket and writes to it > using sendmsg() > > the relevant code is send_packet() in src/sbin/dhclient/bpf.c and > if_register_send() in the same file for the unicast socket > instantiation routine
more than that, really, why should you or anybody care using bpf or not should be an implementation detail. no one should be making decisions as far as their pf config goes based upon whether dhclient uses bpf or not ideally dhclient should be able to write broadcast messages without bpf! it wouldn't be a significant simplification but it's still something
