From: Janne Johansson
Subject: Re: dhcpd(8): use UDP sockets instead of BPF
To: David Gwynne
Cc: tech@openbsd.org
Date: Fri, 13 Jun 2025 08:54:52 +0200

On Fri, 13 Jun 2025 at 05:33, David Gwynne wrote:
>
> tl;dr this replaces bpf with udp sockets in dhcpd, mostly to make it
> better at replying with the ip that requests were sent to.
> while i've tried to make dhcpd work the same as it did before this
> change, there is a big semantic difference that's outside its control.
> bpf operated before pf, so you didn't have to write rules in pf.conf to
> allow dhcpd to work. because udp socket processing happens as part of
> the network stack, dhcp packets are now subject to pf. if you have a
> default deny ruleset, you have to explicitly allow dhcp packets in your
> ruleset.

While it is a change in behaviour, I would not think it would be a
showstopper. I do like the idea that a client can have a maximally
restrictive pf config and still use dhcp, but on the server side I
would be less surprised to not be able to sidestep the filtering.

-- 
May the most significant bit of your life be positive.