On Mon, Jan 28, 2013 at 7:43 PM, Bohdan Tashchuk <[email protected]> wrote:
> Hi guys,
>
> For many years, I've read pf and dhcp related threads like, e.g.:
> http://marc.info/?l=openbsd-misc&m=125907434809727&w=2
>
> Some text from that post:
> "dhcp packets are grabbed by dhclient or dhcpd before pf sees them."
>
> My understanding, based on comments in a number of threads like that,
> is that NO MATTER WHAT IS IN PF RULES, that dhcpd and dhclient should
> both work fine. This is because dhcpd and dhclient both use bpf to
> completely bypass pf.

When dhclient sends a unicast message, such as when renewing a lease, it doesn't use the bpf fd... it uses a "regular" socket and writes to it using sendmsg().

The relevant code is send_packet() in src/sbin/dhclient/bpf.c, and if_register_send() in the same file for the unicast socket instantiation routine.
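
An added example, not part of the original thread: a default-deny pf.conf fragment that accounts for the unicast renewal path described in the reply. The `egress` interface group and the rule layout are assumptions; substitute the interface dhclient actually runs on.

```pf
# Constructed example ruleset. Assumption: the DHCP-configured interface
# is a member of the "egress" interface group.
set skip on lo
block all

# Broadcast DHCP traffic is written and read through bpf, so per the
# thread pf does not see it and it needs no rule here.
#
# Unicast renewals are different: dhclient sends them with sendmsg() on
# a regular UDP socket, so they pass through pf like any other packet.
# Under "block all" they are dropped unless explicitly allowed.
pass out quick on egress inet proto udp from (egress) port 68 to any port 67

# ... remaining rules for other outbound traffic go here ...
```

If renewals are being dropped, the lease still works until the client falls back to broadcast, which makes this kind of ruleset gap easy to miss.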

