[This is an edited version of  an earlier  private message]



I don't get why we need to change the semantics quite so violently.

RFC951 says that a BOOTP host that doesn't know its address should
accept any UDP packets addressed to the bootpc port, regardless of
the IP address.  RFC951 says a host that doesn't know its IP address
should discard packets that:
	* Are not BOOTreplys
	* do not match the local IP address, if  known, or the local
	  MAC address;
	* Don't match any bootp xid.

Since you ask for suggestions: 

Can we at least add checks for the above conditions and be sure to
drop the packets that rfc951 says to drop, instead of accepting *all*
packets on an i/f with address INADRR_NONE?

I think that would mean adding:
	* ip_input checking for a dest addr of INADDR_ANY, and
	  dropping packets that aren't IPPROTO_UDP;
	* udp_input checking for destaddr of INADDR_ANY,
	   and silently dropping such packets if the destination
	   port isn't the bootp client port.

	* I assume the in-kernel bootp client is already checking the xid,

(If we could, I'd advocate that if an interface address is unknown, we
dropped all IP packets unless their destination address is
INADDR_NONE, and tehn applied the RFC951 tests; but that violates both
RFC951 and our own bootpgw implementation.)