Subject: if_null
To: None <tech-net@netbsd.org>
From: Steve Bellovin <smb@research.att.com>
List: tech-net
Date: 04/07/2004 15:43:12

I've implemented if_null, the network equivalent of /dev/null.  It has
several purposes:  remote-triggered routing black holes (see
http://www.nanog.org/mtg-0402/pdf/morrow.pdf ); and
an easier way to monitor all traffic to some dummy destination.
tcpdump on the input interface works, of course, but bpf has
to filter a lot of "uninteresting" data.  With if_null, you can
route such traffic to a null interface, and pick up everything with
tcpdump.

The difference between if_null and RTF_BLACKHOLE is that the discard 
notion is tied to the interface, rather than to the route.  Taking out 
the indirection is what allows remote-triggered black holes to work.
It also provides for byte and packet counters for the discarded packets.

if_null is a clone device:

        ifconfig null0 create
        ifconfig null0 192.168.42.42

and was derived from if_gre.c.  I *think* I deleted all of the
no-longer-necessary code.

You can pick up a copy at http://www.machshav.com/~smb/if_null .
I compiled and tested it on 2.0beta; it will probably work on -current 
without change.  I have no idea what would happen on 1.6.2.


		--Steve Bellovin, http://www.research.att.com/~smb
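
The following is an added example, not part of the original message and not code from if_null: a simplified Python model of why tying the discard to the interface lets a remotely installed route black-hole a destination, and how the interface counters then account for the dropped traffic. The interface name wm0, all addresses other than 192.168.42.42, the /32 connected route for null0, and the class and function names are assumptions made for illustration.

```python
import ipaddress

class Iface:
    """Interface with output counters; discard=True models a null interface."""
    def __init__(self, name, discard=False):
        self.name, self.discard = name, discard
        self.opackets = self.obytes = 0

class RoutingTable:
    def __init__(self):
        self.routes = []  # (network, interface or None, gateway or None)

    def add(self, prefix, iface=None, gateway=None):
        gw = ipaddress.ip_address(gateway) if gateway else None
        self.routes.append((ipaddress.ip_network(prefix), iface, gw))

    def lookup(self, dst, depth=0):
        """Longest-prefix match; a gateway route is resolved again to an interface."""
        if depth > 4:  # guard against gateway loops
            return None
        dst = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            return None
        _, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
        return iface if iface else self.lookup(gw, depth + 1)

    def forward(self, dst, length):
        iface = self.lookup(dst)
        if iface is None:
            return "unreachable"
        iface.opackets += 1      # counted even when the interface discards
        iface.obytes += length
        return "discard" if iface.discard else "sent"

def demo():
    wm0, null0 = Iface("wm0"), Iface("null0", discard=True)
    rt = RoutingTable()
    rt.add("198.51.100.0/24", iface=wm0)            # connected LAN (constructed)
    rt.add("0.0.0.0/0", gateway="198.51.100.1")     # default route (constructed)
    rt.add("192.168.42.42/32", iface=null0)         # assumed result of the ifconfig above
    before = rt.forward("203.0.113.7", 1500)
    # Remote trigger: a routing daemon installs an ordinary route whose
    # next hop is the null interface's address; no per-route flag is set.
    rt.add("203.0.113.7/32", gateway="192.168.42.42")
    after = [rt.forward("203.0.113.7", 1500), rt.forward("203.0.113.7", 40)]
    other = rt.forward("203.0.113.8", 100)
    return before, after, other, null0.opackets, null0.obytes, wm0.opackets

if __name__ == "__main__":
    print(demo())
```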