--- v2.3.41/linux/include/linux/inetdevice.h.orig Sat Sep 11 07:06:19 1999 +++ linux/include/linux/inetdevice.h Sat Jan 29 14:51:12 2000 @@ -17,6 +17,7 @@ int forwarding; int mc_forwarding; int tag; + int hidden; void *sysctl; }; @@ -43,6 +44,7 @@ #define IN_DEV_LOG_MARTIANS(in_dev) (ipv4_devconf.log_martians || (in_dev)->cnf.log_martians) #define IN_DEV_PROXY_ARP(in_dev) (ipv4_devconf.proxy_arp || (in_dev)->cnf.proxy_arp) +#define IN_DEV_HIDDEN(in_dev) ((in_dev)->cnf.hidden && ipv4_devconf.hidden) #define IN_DEV_SHARED_MEDIA(in_dev) (ipv4_devconf.shared_media || (in_dev)->cnf.shared_media) #define IN_DEV_TX_REDIRECTS(in_dev) (ipv4_devconf.send_redirects || (in_dev)->cnf.send_redirects) #define IN_DEV_SEC_REDIRECTS(in_dev) (ipv4_devconf.secure_redirects || (in_dev)->cnf.secure_redirects) --- v2.3.41/linux/include/linux/sysctl.h.orig Sat Jan 29 09:02:10 2000 +++ linux/include/linux/sysctl.h Sat Jan 29 14:54:32 2000 @@ -300,7 +300,8 @@ NET_IPV4_CONF_ACCEPT_SOURCE_ROUTE=9, NET_IPV4_CONF_BOOTP_RELAY=10, NET_IPV4_CONF_LOG_MARTIANS=11, - NET_IPV4_CONF_TAG=12 + NET_IPV4_CONF_TAG=12, + NET_IPV4_CONF_HIDDEN=13, }; /* /proc/sys/net/ipv6 */ --- v2.3.41/linux/net/ipv4/arp.c.orig Sat Jan 29 09:02:14 2000 +++ linux/net/ipv4/arp.c Sun Jan 30 20:51:44 2000 @@ -65,6 +65,8 @@ * clean up the APFDDI & gen. FDDI bits. * Alexey Kuznetsov: new arp state machine; * now it is in net/core/neighbour.c. + * Julian Anastasov: "hidden" flag: hide the + * interface and don't reply for it */ /* RFC1122 Status: @@ -328,12 +330,23 @@ static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb) { u32 saddr; + int from_skb; + struct in_device *in_dev2 = NULL; + struct net_device *dev2 = NULL; u8 *dst_ha = NULL; struct net_device *dev = neigh->dev; u32 target = *(u32*)neigh->primary_key; int probes = atomic_read(&neigh->probes); - if (skb && inet_addr_type(skb->nh.iph->saddr) == RTN_LOCAL) + from_skb = (skb && + (dev2 = ip_dev_find(skb->nh.iph->saddr)) != NULL && + (in_dev2 = in_dev_get(dev2)) != NULL && + !IN_DEV_HIDDEN(in_dev2)); + if (dev2) { + if (in_dev2) in_dev_put(in_dev2); + dev_put(dev2); + } + if (from_skb) saddr = skb->nh.iph->saddr; else saddr = inet_select_addr(dev, target, RT_SCOPE_LINK); @@ -706,9 +719,22 @@ /* Special case: IPv4 duplicate address detection packet (RFC2131) */ if (sip == 0) { - if (arp->ar_op == __constant_htons(ARPOP_REQUEST) && - inet_addr_type(tip) == RTN_LOCAL) + int reply; + struct net_device *dev2 = NULL; + struct in_device *in_dev2 = NULL; + + reply = + (arp->ar_op == __constant_htons(ARPOP_REQUEST) && + (dev2 = ip_dev_find(tip)) != NULL && + (dev2 == dev || + ((in_dev2 = in_dev_get(dev2)) != NULL && + !IN_DEV_HIDDEN(in_dev2)))); + if (dev2) { + if (in_dev2) in_dev_put(in_dev2); + dev_put(dev2); + if (reply) arp_send(ARPOP_REPLY,ETH_P_ARP,tip,dev,tip,sha,dev->dev_addr,dev->dev_addr); + } goto out; } @@ -721,6 +747,26 @@ if (addr_type == RTN_LOCAL) { n = neigh_event_ns(&arp_tbl, sha, &sip, dev); if (n) { + if (ipv4_devconf.hidden && + skb->pkt_type != PACKET_HOST) { + int skip; + struct net_device *dev2 = NULL; + struct in_device *in_dev2 = NULL; + + skip = + ((dev2 = ip_dev_find(tip)) != NULL && + dev2 != dev && + (in_dev2=in_dev_get(dev2)) != NULL && + IN_DEV_HIDDEN(in_dev2)); + if (dev2) { + if (in_dev2) in_dev_put(in_dev2); + dev_put(dev2); + if (skip) { + neigh_release(n); + goto out; + } + } + } arp_send(ARPOP_REPLY,ETH_P_ARP,sip,dev,tip,sha,dev->dev_addr,sha); neigh_release(n); } --- v2.3.41/linux/net/ipv4/devinet.c.orig Wed Jan 12 08:46:50 2000 +++ linux/net/ipv4/devinet.c Sat Jan 29 15:13:34 2000 @@ -745,7 +745,8 @@ read_lock(&in_dev->lock); for_primary_ifa(in_dev) { - if (ifa->ifa_scope != RT_SCOPE_LINK && + if (!IN_DEV_HIDDEN(in_dev) && + ifa->ifa_scope != RT_SCOPE_LINK && ifa->ifa_scope <= scope) { read_unlock(&in_dev->lock); read_unlock(&inetdev_lock); @@ -1027,7 +1028,7 @@ static struct devinet_sysctl_table { struct ctl_table_header *sysctl_header; - ctl_table devinet_vars[13]; + ctl_table devinet_vars[14]; ctl_table devinet_dev[2]; ctl_table devinet_conf_dir[2]; ctl_table devinet_proto_dir[2]; @@ -1069,6 +1070,9 @@ &proc_dointvec}, {NET_IPV4_CONF_TAG, "tag", &ipv4_devconf.tag, sizeof(int), 0644, NULL, + &proc_dointvec}, + {NET_IPV4_CONF_HIDDEN, "hidden", + &ipv4_devconf.hidden, sizeof(int), 0644, NULL, &proc_dointvec}, {0}}, --- v2.3.41/linux/Documentation/networking/ip-sysctl.txt.orig Sat Jan 29 09:01:43 2000 +++ linux/Documentation/networking/ip-sysctl.txt Sat Jan 29 14:57:27 2000 @@ -299,6 +299,14 @@ Default value is 0. Note that some distributions enable it in startip scripts. +hidden - BOOLEAN + Hide addresses attached to this device from another devices. + Such addresses will never be selected by source address autoselection + mechanism, host does not answer broadcast ARP requests for them, + does not announce it as source address of ARP requests, but they + are still reachable via IP. This flag is activated only if it is + enabled both in specific device section and in "all" section. + Alexey Kuznetsov. kuznet@ms2.inr.ac.ru --- v2.3.41/linux/Documentation/filesystems/proc.txt.orig Sat Nov 13 08:04:14 1999 +++ linux/Documentation/filesystems/proc.txt Sat Jan 29 15:01:54 2000 @@ -1490,6 +1490,16 @@ Determines whether to send ICMP redirects to other hosts. +hidden +------ + +Hide addresses attached to this device from another devices. +Such addresses will never be selected by source address autoselection +mechanism, host does not answer broadcast ARP requests for them, +does not announce it as source address of ARP requests, but they +are still reachable via IP. This flag is activated only if it is +enabled both in specific device section and in "all" section. + Routing settings ----------------