Subject: Reimplementing broadcast check for ARP
To: None <tech-net@NetBSD.ORG>
From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
List: tech-net
Date: 10/02/1997 14:15:32
	Reimplementing broadcast check for ARP
	--------------------------------------

When building the new ARP system, I left commented out the test that
the reported linklevel address is not the broadcast address.

Problem was that the new ARP system can't know, per se, what the
broadcast address IS.

I see this condition on my home session (because of an unspoken
betatest version of some TCP/IP stack I'm using with AmigaOS on one of
my machines), and, actually, without the test there's a "nice" DoS
attack possible.

I'm considering two possible fixes:

==A==

- an additional u_int8_t *if_broadcastaddress at the end of struct ifnet
- if_ether/fddisubr, if_arcsubr (and future arping protocols) initialize it
- if it is non-null, netinet/if_arp.c:in_arpinput() checks for it (instead 
  of etherbroadcastaddr), in the now commented out code part around line 510.

However, even multicast addresses should be inappropriate for ARP entries:

==B==
- an additional int (*if_multicasttest)(u_int8_t *) at the end of struct ifnet
- if_ether/fddisubr, if_arcsubr (and future arping protocols) initialize it to
  something like ETHER_ISMULTICAST
- if it is non-null, netinet/if_arp.c:in_arpinput() calls it to do the test.


What do you think?

==A== needs about 4 lines added, 1 changed, and 7 lines changed back
from comment to code.

==B== needs, additionally, 3 or so lines per ether/fddi/arcsubr.

Regards,
	Ignatios
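
Added example, not part of the original message and not NetBSD code: a sketch of option ==B==, where the ARP input path asks the interface whether a reported link-level sender address is a group address before accepting it. The demo_* names, the cut-down struct, the const-qualified hook signature and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cut-down stand-in for struct ifnet: only the option-B hook. */
struct demo_ifnet {
    int (*if_multicasttest)(const uint8_t *lladdr); /* NULL: no test known */
};

/* Ethernet group bit is the low bit of the first octet. The broadcast
 * address ff:ff:ff:ff:ff:ff has it set, so one test covers both cases. */
static int demo_ether_ismulticast(const uint8_t *lladdr)
{
    return lladdr[0] & 0x01;
}

/* Returns 1 if the sender hardware address of an ARP packet may be stored
 * in the ARP table, 0 if the packet should be dropped. */
int demo_arp_sha_acceptable(const struct demo_ifnet *ifp, const uint8_t *sha)
{
    if (ifp->if_multicasttest != NULL && ifp->if_multicasttest(sha))
        return 0;
    return 1;
}

/* Constructed interfaces: one Ethernet-like, one whose driver set no hook. */
const struct demo_ifnet demo_ether_if = { demo_ether_ismulticast };
const struct demo_ifnet demo_nohook_if = { NULL };

/* Constructed sample sender addresses. */
const uint8_t demo_unicast[6] = { 0x00, 0x00, 0x5e, 0x00, 0x53, 0x01 };
const uint8_t demo_mcast[6]   = { 0x01, 0x00, 0x5e, 0x00, 0x00, 0x01 };
const uint8_t demo_bcast[6]   = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

int main(void)
{
    printf("unicast   -> %d\n", demo_arp_sha_acceptable(&demo_ether_if, demo_unicast));
    printf("multicast -> %d\n", demo_arp_sha_acceptable(&demo_ether_if, demo_mcast));
    printf("broadcast -> %d\n", demo_arp_sha_acceptable(&demo_ether_if, demo_bcast));
    printf("no hook   -> %d\n", demo_arp_sha_acceptable(&demo_nohook_if, demo_bcast));
    return 0;
}
```

The last case shows the cost of the "if it is non-null" rule: an interface type that never sets the hook gets no filtering at all.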