Subject: Re: Perceived need: new IFF_ flag
To: der Mouse <mouse@rodents.montreal.qc.ca>
From: Ronald Khoo <ronald@demon.net>
List: tech-net
Date: 04/02/1997 17:31:16
der Mouse wrote:

> I have a problem that I think is most easily addressed by adding a new
> interface flag;
> so I could "ifconfig le1 bpfonly"
> or some such and then be confident that not only it won't receive and
> therefore won't forward IP packets, but it won't be confused by forged
> ARP replies or other non-IP packets.

ISTM that the >correct< behaviour should be that, on a per-protocol basis,
an interface should only accept packets for a protocol stack where a
(valid?) address has been configured for it, otherwise not to participate
in that protocol.  BPF, of course would continue to work for all packets
because it's a link-layer hack.

That way you might have half a dozen protocols in your kernel, and
decide to run some protocols out of one interface and other protocols
out of others, and possibly even have the different interfaces on the
same wire, without interference.

Then, for pure snooping purposes, you'd just ifconfig the interface
up *without* setting any network protocol's addresses, and it should
not participate in anything, but still be useable as a snoop device.

Maybe do this by putting a bit array indexed by PF_* into ifnet, and
set the appropriate bit at SIOCAIFADDR time, or something?  Would
the extra bit test co$t per packet input be significant?

-- 
Ronald Khoo <ronald@demon.net> Voice: +44 181 371 1000 Fax: +44 181 371 1150
Politicians are like buses: you don't see any for ages, then comes the
general election and three turn up all at once -- local rag.
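Added example (not from this thread or the NetBSD source tree): a sketch of the per-protocol-family acceptance bit array proposed above, with the bit set on the address-configuration path and tested once per input packet. The names if_pfmask, if_enable_pf, if_accepts_pf and ether_input_sim, and the PF_ARP value, are assumptions for illustration.

```c
/* Added example: per-family participation mask in ifnet (names assumed). */
#include <stdbool.h>
#include <stdint.h>

#define PF_INET  2    /* constructed values mirroring BSD PF_* numbering */
#define PF_ARP   28   /* hypothetical family id for ARP in this sketch */
#define PF_MAX   32

struct ifnet {
    const char *if_xname;
    uint32_t    if_pfmask;   /* bit i set => interface participates in family i */
};

static inline uint32_t pf_bit(int pf) {
    return (pf >= 0 && pf < PF_MAX) ? (1u << pf) : 0;   /* out-of-range: no bit */
}

/* Called from the SIOCAIFADDR path once a valid address for family pf is bound. */
void if_enable_pf(struct ifnet *ifp, int pf)  { ifp->if_pfmask |=  pf_bit(pf); }

/* Called when the last address of that family is removed (SIOCDIFADDR path). */
void if_disable_pf(struct ifnet *ifp, int pf) { ifp->if_pfmask &= ~pf_bit(pf); }

/* The per-packet test on the input path: a single AND against a cached mask. */
bool if_accepts_pf(const struct ifnet *ifp, int pf) {
    return (ifp->if_pfmask & pf_bit(pf)) != 0;
}

/* Simulated link-layer input: BPF taps every frame before any protocol check,
 * the stack only sees frames for families the interface has an address in.
 * Returns whether the frame reached the stack; *tapped reports whether BPF saw it. */
bool ether_input_sim(const struct ifnet *ifp, int pf, bool *tapped) {
    *tapped = true;                 /* bpf_tap() precedes the family check */
    return if_accepts_pf(ifp, pf);  /* unconfigured family: dropped here */
}

/* Walks the scenario from the post: an interface brought up with no addresses
 * is a pure snoop device; binding an inet address enables inet only.
 * Returns 1 when every expectation holds, 0 otherwise. */
int scenario_holds(void) {
    struct ifnet le1 = { "le1", 0 };
    bool tapped, ok = true;
    ok = ok && !ether_input_sim(&le1, PF_INET, &tapped) && tapped; /* dropped, BPF saw it */
    ok = ok && !ether_input_sim(&le1, PF_ARP,  &tapped) && tapped; /* forged ARP never reaches stack */
    if_enable_pf(&le1, PF_INET);
    ok = ok &&  ether_input_sim(&le1, PF_INET, &tapped);
    ok = ok && !ether_input_sim(&le1, PF_ARP,  &tapped);
    if_disable_pf(&le1, PF_INET);
    ok = ok && !if_accepts_pf(&le1, PF_INET);
    return ok ? 1 : 0;
}
```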