To: None <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 01/11/2005 16:27:46
As I mentioned several months ago, I've implemented a null network
interface for NetBSD. The problem I have is that packets sent to the
interface address are not discarded; instead, they're treated as
destined for the machine itself.

I don't see any obvious way to fix the problem. One thought I had was
a per-interface flag saying "no local addresses here". It seems kind
of clumsy; besides, there are no free flags in struct ifnet. (I
actually grepped the kernel to see if IFF_NOTRAILERS and IFF_NOARP are
still used. To my surprise, they are.) There is a pad short
following if_flags; maybe the two fields could be coalesced, though I
worry about breaking binary compatibility on some architectures.

A slightly better place for a flag is in struct ifaddr, where it could
be per-address. There's a u_int flag field there; the comment says
"mostly rt_flags for cloning", but only one flag is defined in if.h.

Even with these problems, it's still possible to use ifnull: assign the
interfaces non-routable addresses, and simply route desired netblocks
to the interface. But that's clumsy and not the semantics I really

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
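The delivery decision the message describes, as a constructed userland model added here (not Bellovin's code and not NetBSD's): the local-address check runs before routing, so the null interface's own address is delivered locally, while a per-address flag of the kind proposed lets that packet fall through to routing and be discarded. `IFA_NOLOCAL`, the reduced `struct ifaddr`, the first-match routing stage and the sample addresses are all hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-address flag standing in for the "no local
 * addresses here" bit the message proposes; not a NetBSD define. */
#define IFA_NOLOCAL 0x1u

/* Constructed, much simplified stand-in for struct ifaddr (IPv4 only). */
struct ifaddr {
    uint32_t addr;    /* interface address, host byte order */
    uint32_t mask;    /* netmask of the attached prefix */
    unsigned flags;   /* IFA_NOLOCAL or 0 */
    bool     null_if; /* address sits on the discarding interface */
};
enum verdict { DELIVER_LOCAL, FORWARD, DROP };

/* Constructed sample configuration: a normal NIC plus the null
 * interface carrying a TEST-NET-1 prefix (RFC 5737). */
static const struct ifaddr sample_ifas[] = {
    { 0x0A000001u, 0xFFFFFF00u, 0,           false }, /* 10.0.0.1/24  */
    { 0xC0000201u, 0xFFFFFF00u, IFA_NOLOCAL, true  }, /* 192.0.2.1/24 */
};

/* Routing stage: first prefix match wins; a route onto the null
 * interface discards the packet, and so does having no route. */
static enum verdict route_stage(const struct ifaddr *ifas, size_t n, uint32_t dst)
{
    for (size_t i = 0; i < n; i++)
        if ((dst & ifas[i].mask) == (ifas[i].addr & ifas[i].mask))
            return ifas[i].null_if ? DROP : FORWARD;
    return DROP;
}

/* Local-delivery check run before routing. Stock behaviour ignores
 * the flag, so the null interface's own address counts as "ours". */
static bool is_local(const struct ifaddr *ifas, size_t n, uint32_t dst, bool honor_flag)
{
    for (size_t i = 0; i < n; i++)
        if (ifas[i].addr == dst && !(honor_flag && (ifas[i].flags & IFA_NOLOCAL)))
            return true;
    return false;
}

enum verdict classify_stock(const struct ifaddr *ifas, size_t n, uint32_t dst)
{ return is_local(ifas, n, dst, false) ? DELIVER_LOCAL : route_stage(ifas, n, dst); }

/* With the proposed flag honoured, the packet falls through to routing and is dropped. */
enum verdict classify_flagged(const struct ifaddr *ifas, size_t n, uint32_t dst)
{ return is_local(ifas, n, dst, true) ? DELIVER_LOCAL : route_stage(ifas, n, dst); }
```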