On Tue, Jan 5, 2010 at 9:58 AM, Andrew Lunn <andrew@lunn.ch> wrote:

> BPF for outgoing packets? Different. I've only ever seen it used for
> filtering incoming packets. ARP requests for *.*.*.1? I don't get
> that. There should only be one host in the subnet which matches
> *.*.*.1/24, so it's going to reply anyway. What are you trying to
> achieve here?

BPF because it's already in the kernel and has a rule language.  Rules to match "all DHCP packets, and IPv6 router solicitations" are easy to write, and people who want to do something different/weird don't need to rebuild their kernels.

If it makes any more sense, substitute *.*.*.1 for "something matching the IPs I use for gateways".  Aim: make it harder for people to configure their PCs to respond to those ARPs and break the network.  Although for a mobile node whose DHCP lease hasn't yet expired I can see that causing problems.  But if it's just a BPF filter then you can experiment with rules like these fairly easily.
 
donald
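
Added example, not part of the original message or of any project's code: one way the "ARP for *.*.*.1" rule discussed above could be written as a classic BPF program, run here through a small userspace interpreter over constructed frames. Assumptions: Ethernet framing, the rule is read as "ARP requests whose target IP ends in .1", the 192.168.0.x addresses are constructed, and the names arp_gw, run and arp_verdict are hypothetical.

```c
#include <linux/filter.h>   /* struct sock_filter, BPF_STMT, BPF_JUMP */
#include <stdint.h>
#include <stdio.h>

/* Classic BPF: match ARP requests whose target IP ends in .1 (assumed reading of the rule). */
static const struct sock_filter arp_gw[] = {
    BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 12),            /* A = EtherType */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0806, 0, 5), /* not ARP -> no match */
    BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 20),            /* A = ARP opcode */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, 3),      /* not a request -> no match */
    BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 41),            /* A = last octet of target IP */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, 1),      /* not .1 -> no match */
    BPF_STMT(BPF_RET | BPF_K, 0xffff),                 /* match */
    BPF_STMT(BPF_RET | BPF_K, 0),                      /* no match */
};

/* Minimal userspace interpreter for the four opcodes used above (stand-in for the kernel). */
static unsigned run(const struct sock_filter *f, size_t n, const uint8_t *p, size_t len) {
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = f[pc].k;
        switch (f[pc].code) {
        case BPF_LD | BPF_H | BPF_ABS:
            if (k + 2 > len) return 0;   /* load past end of packet: no match */
            a = (uint32_t)p[k] << 8 | p[k + 1]; break;
        case BPF_LD | BPF_B | BPF_ABS:
            if (k + 1 > len) return 0;
            a = p[k]; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (a == k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return k;
        default: return 0;               /* opcode not handled by this sketch */
        }
    }
    return 0;
}

/* Verdict for a constructed Ethernet/ARP frame targeting 192.168.0.<tpa_last>. */
unsigned arp_verdict(uint16_t oper, uint8_t tpa_last, size_t len) {
    uint8_t f[42] = {0};
    f[12] = 0x08; f[13] = 0x06;                              /* EtherType ARP */
    f[20] = (uint8_t)(oper >> 8); f[21] = (uint8_t)oper;     /* 1 = request, 2 = reply */
    f[38] = 192; f[39] = 168; f[40] = 0; f[41] = tpa_last;   /* constructed target IP */
    return run(arp_gw, sizeof arp_gw / sizeof arp_gw[0], f, len > 42 ? 42 : len);
}

int main(void) {
    printf("%u %u %u %u\n", arp_verdict(1, 1, 42), arp_verdict(1, 7, 42), arp_verdict(2, 1, 42), arp_verdict(1, 1, 40));
    return 0;
}
```

Swapping the constant compared against byte 41, or the offsets loaded, changes the rule without touching the interpreter, which is the "experiment with rules" property the message argues for.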