--- v2.3.41/linux/include/linux/inetdevice.h.orig	Sat Sep 11 07:06:19 1999
+++ linux/include/linux/inetdevice.h	Sat Jan 29 14:51:12 2000
@@ -17,6 +17,7 @@
 	int	forwarding;
 	int	mc_forwarding;
 	int	tag;
+	int	hidden;
 	void	*sysctl;
 };
 
@@ -43,6 +44,7 @@
 
 #define IN_DEV_LOG_MARTIANS(in_dev)	(ipv4_devconf.log_martians || (in_dev)->cnf.log_martians)
 #define IN_DEV_PROXY_ARP(in_dev)	(ipv4_devconf.proxy_arp || (in_dev)->cnf.proxy_arp)
+#define IN_DEV_HIDDEN(in_dev)		((in_dev)->cnf.hidden && ipv4_devconf.hidden)
 #define IN_DEV_SHARED_MEDIA(in_dev)	(ipv4_devconf.shared_media || (in_dev)->cnf.shared_media)
 #define IN_DEV_TX_REDIRECTS(in_dev)	(ipv4_devconf.send_redirects || (in_dev)->cnf.send_redirects)
 #define IN_DEV_SEC_REDIRECTS(in_dev)	(ipv4_devconf.secure_redirects || (in_dev)->cnf.secure_redirects)
--- v2.3.41/linux/include/linux/sysctl.h.orig	Sat Jan 29 09:02:10 2000
+++ linux/include/linux/sysctl.h	Sat Jan 29 14:54:32 2000
@@ -300,7 +300,8 @@
 	NET_IPV4_CONF_ACCEPT_SOURCE_ROUTE=9,
 	NET_IPV4_CONF_BOOTP_RELAY=10,
 	NET_IPV4_CONF_LOG_MARTIANS=11,
-	NET_IPV4_CONF_TAG=12
+	NET_IPV4_CONF_TAG=12,
+	NET_IPV4_CONF_HIDDEN=13,
 };
 
 /* /proc/sys/net/ipv6 */
--- v2.3.41/linux/net/ipv4/arp.c.orig	Sat Jan 29 09:02:14 2000
+++ linux/net/ipv4/arp.c	Sun Jan 30 20:51:44 2000
@@ -65,6 +65,8 @@
  *					clean up the APFDDI & gen. FDDI bits.
  *		Alexey Kuznetsov:	new arp state machine;
  *					now it is in net/core/neighbour.c.
+ *		Julian Anastasov:	"hidden" flag: hide the
+ *					interface and don't reply for it
  */
 
 /* RFC1122 Status:
@@ -328,12 +330,23 @@
 static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
 {
 	u32 saddr;
+	int from_skb;
+	struct in_device *in_dev2 = NULL;
+	struct net_device *dev2 = NULL;
 	u8  *dst_ha = NULL;
 	struct net_device *dev = neigh->dev;
 	u32 target = *(u32*)neigh->primary_key;
 	int probes = atomic_read(&neigh->probes);
 
-	if (skb && inet_addr_type(skb->nh.iph->saddr) == RTN_LOCAL)
+	from_skb = (skb &&
+		(dev2 = ip_dev_find(skb->nh.iph->saddr)) != NULL &&
+		(in_dev2 = in_dev_get(dev2)) != NULL &&
+		!IN_DEV_HIDDEN(in_dev2));
+	if (dev2) {
+		if (in_dev2) in_dev_put(in_dev2);
+		dev_put(dev2);
+	}
+	if (from_skb)
 		saddr = skb->nh.iph->saddr;
 	else
 		saddr = inet_select_addr(dev, target, RT_SCOPE_LINK);
@@ -706,9 +719,22 @@
 
 	/* Special case: IPv4 duplicate address detection packet (RFC2131) */
 	if (sip == 0) {
-		if (arp->ar_op == __constant_htons(ARPOP_REQUEST) &&
-		    inet_addr_type(tip) == RTN_LOCAL)
+		int reply;
+		struct net_device *dev2 = NULL;
+		struct in_device *in_dev2 = NULL;
+
+		reply =
+		    (arp->ar_op == __constant_htons(ARPOP_REQUEST) &&
+		    (dev2 = ip_dev_find(tip)) != NULL &&
+		    (dev2 == dev ||
+		    ((in_dev2 = in_dev_get(dev2)) != NULL &&
+		    !IN_DEV_HIDDEN(in_dev2))));
+		if (dev2) {
+		    if (in_dev2) in_dev_put(in_dev2);
+		    dev_put(dev2);
+		    if (reply)
 			arp_send(ARPOP_REPLY,ETH_P_ARP,tip,dev,tip,sha,dev->dev_addr,dev->dev_addr);
+		}
 		goto out;
 	}
 
@@ -721,6 +747,26 @@
 		if (addr_type == RTN_LOCAL) {
 			n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
 			if (n) {
+				if (ipv4_devconf.hidden &&
+				    skb->pkt_type != PACKET_HOST) {
+					int skip;
+					struct net_device *dev2 = NULL;
+					struct in_device *in_dev2 = NULL;
+
+					skip =
+					  ((dev2 = ip_dev_find(tip)) != NULL &&
+					  dev2 != dev &&
+					  (in_dev2=in_dev_get(dev2)) != NULL &&
+					  IN_DEV_HIDDEN(in_dev2));
+					if (dev2) {
+					    if (in_dev2) in_dev_put(in_dev2);
+					    dev_put(dev2);
+					    if (skip) {
+						neigh_release(n);
+						goto out;
+					    }
+					}
+				}
 				arp_send(ARPOP_REPLY,ETH_P_ARP,sip,dev,tip,sha,dev->dev_addr,sha);
 				neigh_release(n);
 			}
--- v2.3.41/linux/net/ipv4/devinet.c.orig	Wed Jan 12 08:46:50 2000
+++ linux/net/ipv4/devinet.c	Sat Jan 29 15:13:34 2000
@@ -745,7 +745,8 @@
 
 		read_lock(&in_dev->lock);
 		for_primary_ifa(in_dev) {
-			if (ifa->ifa_scope != RT_SCOPE_LINK &&
+			if (!IN_DEV_HIDDEN(in_dev) &&
+			    ifa->ifa_scope != RT_SCOPE_LINK &&
 			    ifa->ifa_scope <= scope) {
 				read_unlock(&in_dev->lock);
 				read_unlock(&inetdev_lock);
@@ -1027,7 +1028,7 @@
 static struct devinet_sysctl_table
 {
 	struct ctl_table_header *sysctl_header;
-	ctl_table devinet_vars[13];
+	ctl_table devinet_vars[14];
 	ctl_table devinet_dev[2];
 	ctl_table devinet_conf_dir[2];
 	ctl_table devinet_proto_dir[2];
@@ -1069,6 +1070,9 @@
          &proc_dointvec},
 	{NET_IPV4_CONF_TAG, "tag",
 	 &ipv4_devconf.tag, sizeof(int), 0644, NULL,
+	 &proc_dointvec},
+	{NET_IPV4_CONF_HIDDEN, "hidden",
+	 &ipv4_devconf.hidden, sizeof(int), 0644, NULL,
 	 &proc_dointvec},
 	 {0}},
 
--- v2.3.41/linux/Documentation/networking/ip-sysctl.txt.orig	Sat Jan 29 09:01:43 2000
+++ linux/Documentation/networking/ip-sysctl.txt	Sat Jan 29 14:57:27 2000
@@ -299,6 +299,14 @@
 	Default value is 0. Note that some distributions enable it
 	in startip scripts.
 
+hidden - BOOLEAN
+	Hide addresses attached to this device from another devices.
+	Such addresses will never be selected by source address autoselection
+	mechanism, host does not answer broadcast ARP requests for them,
+	does not announce it as source address of ARP requests, but they
+	are still reachable via IP. This flag is activated only if it is
+	enabled both in specific device section and in "all" section.
+
 Alexey Kuznetsov.
 kuznet@ms2.inr.ac.ru
 
--- v2.3.41/linux/Documentation/filesystems/proc.txt.orig	Sat Nov 13 08:04:14 1999
+++ linux/Documentation/filesystems/proc.txt	Sat Jan 29 15:01:54 2000
@@ -1490,6 +1490,16 @@
 
 Determines whether to send ICMP redirects to other hosts.
 
+hidden
+------
+
+Hide addresses attached to this device from another devices.
+Such addresses will never be selected by source address autoselection
+mechanism, host does not answer broadcast ARP requests for them,
+does not announce it as source address of ARP requests, but they
+are still reachable via IP. This flag is activated only if it is
+enabled both in specific device section and in "all" section.
+
 Routing settings
 ----------------
 
