On Thu, 12 Nov 1998, Ronald Khoo wrote:
> Perhaps what is needed is to be able to mark individual
> interfaces `strong' or `weak' instead.  [...]

Or mark individual IP addresses `strong' or `weak'; see below for
justification.

> The `useful' semantics would be that a `strong' end would
> only accept packets addressed to its address *or any of its
> weak end addresses*.  Problem is that I can't think of an
> efficient way to implement this.  One would have to
> traverse a list of weak end addresses for every comparison.
> Eeeeuuuwww.....

You seem to be thinking "when we are about to accept a packet from
a `strong' interface, check the destination IP address against a
(potentially long) list of acceptable addresses for this interface".
But you can turn it around to "when we are about to accept a packet to a
`strong' IP address, check that the actual input interface was the one
and only acceptable interface for this IP address".  That way, there are
no long lists to traverse, but you might have to remember the packet's
input interface for a bit longer that would otherwise be necessary.

--apb (Alan Barrett)