Subject: Re: if_null
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Vincent Jardin <vjardin@wanadoo.fr>
List: tech-net
Date: 03/06/2005 15:13:13
Steven M. Bellovin wrote:
>As I mentioned several months ago, I've implemented a null network
>interface for NetBSD. The problem I have is that packets sent to the
>interface address are not discarded; instead, they're treated as
>destined for the machine itself.
You should use only reject or blackhole routes. They can be added with
the following options:
-reject RTF_REJECT - emit an ICMP unreachable when matched
-blackhole RTF_BLACKHOLE - silently discard pkts (during updates)
(see man route).
So, in case of an address on the interface, it should not be added into
the system address list, and a /32 reject or blackhole route can be set.
Regards,
Vincent
>I don't see any obvious way to fix the problem. One thought I had was
>a per-interface flag saying "no local addresses here". It seems kind
>of clumsy; besides, there are no free flags in struct ifnet. (I
>actually grepped the kernel to see if IFF_NOTRAILERS and IFF_NOARP are
>still used. To my surprise, they are.) There is a pad short
>following if_flags; maybe the two fields could be coalesced, though I
>worry about breaking binary compatibility on some architectures.
>
>A slightly better place for a flag is in struct ifaddr, where it could
>be per-address. There's a u_int flag field there; the comment says
>"mostly rt_flags for cloning", but only one flag is defined in if.h.
>
>Even with these problems, it's still possible to use ifnull: assign the
>interfaces non-routable addresses, and simply route desired netblocks
>to the interface. But that's clumsy and not the semantics I really
>want.
>
>Any suggestions?
>
> --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
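The reply above suggests keeping the address off the interface and installing a /32 reject or blackhole route instead. The script below is an added example (not from either poster) of what that looks like on the command line. It assumes NetBSD route(8) semantics: a host route pointed at the loopback address, with -reject or -blackhole setting RTF_REJECT or RTF_BLACKHOLE on it. The DRY_RUN guard is an addition for this example so the script can be read and run without root; the 192.0.2.x addresses are constructed sample values.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Install a /32 discard route for an address that must never be delivered
# locally, in the style the reply recommends. Assumes NetBSD route(8):
# the gateway is 127.0.0.1 so the kernel accepts the route, and
# -reject / -blackhole mark it RTF_REJECT / RTF_BLACKHOLE.
# Requires root only when DRY_RUN=0; otherwise the command is just printed.

: "${DRY_RUN:=1}"

# discard_route ADDR MODE   (MODE is "reject" or "blackhole")
# Prints the route(8) command it would run; executes it only when DRY_RUN=0.
# reject   -> peers get an ICMP unreachable (visible, easier to debug)
# blackhole -> packets are dropped silently (no signal back to the sender)
discard_route() {
    addr=$1
    mode=$2
    case $mode in
        reject|blackhole) ;;
        *) echo "discard_route: mode must be reject or blackhole" >&2; return 2 ;;
    esac
    cmd="route -n add -host $addr 127.0.0.1 -$mode"
    echo "$cmd"
    if [ "$DRY_RUN" = 0 ]; then
        $cmd
    fi
}

# show_flags ADDR: after installing the route, confirm the kernel actually
# carries the reject/blackhole flag rather than a plain host route.
# Output format of 'route -n get' is assumed; check the flags: line by eye
# if your version prints it differently.
show_flags() {
    route -n get "$1" 2>/dev/null | awk '$1 == "flags:" { print $2 }'
}

# Sample usage with constructed addresses.
discard_route 192.0.2.1 blackhole
discard_route 192.0.2.2 reject
```

The point of the check function is that a forgotten -reject/-blackhole leaves an ordinary host route to loopback, which delivers the packet to the machine itself, exactly the behaviour the original post wants to avoid.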