9front - general discussion about 9front
* [9front] [PITCH] ip/null
@ 2022-11-16  3:42 Jacob Moody
  2023-12-11 18:54 ` unobe
  0 siblings, 1 reply; 9+ messages in thread
From: Jacob Moody @ 2022-11-16  3:42 UTC (permalink / raw)
  To: 9front

As I play around more with 9front as my router, I found myself reaching for some
kind of 'firewall'. I find that we already have a pretty good interface in the kernel
in the form of ipmux. But there aren't too many ways of making use of it as is. I hacked up
something quick to just drop packets matching a filter onto the floor. If others find it
useful I can make up a man page and present again with a bit more polish.

Some examples:
# Drop inbound private range
ip/null 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'

# google verboden
ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'

thanks,
moody

--- /dev/null
+++ b//sys/src/cmd/ip/null.c
@@ -1,0 +1,36 @@
+#include <u.h>
+#include <libc.h>
+
+void
+usage(void)
+{
+	fprint(2, "usage: %s filter\n", argv0);
+	exits("usage");
+}
+
+void
+main(int argc, char **argv)
+{
+	char buf[64 * 1024];
+	int fd;
+
+	ARGBEGIN{
+	default:
+		usage();
+		break;
+	}ARGEND
+	if(argc < 1)
+		usage();
+
+	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
+	if(fd < 0)
+		sysfatal("dial: %r");
+
+	for(;;)
+		switch(read(fd, buf, sizeof buf)){
+		case -1:
+			sysfatal("read: %r");
+		case 0:
+			return;
+		}
+}
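Review bot: the `case 0: return;` that ends main (last lines of the hunk) leaves the program through the Plan 9 runtime's exits("main") rather than exits(nil), so an orderly EOF on the ipmux conversation reports a failure status to rc; replace it with `exits(nil);`. Two smaller points: the string smprint builds for dial is never freed (harmless for a one-shot dial, but a free after the call or a fixed buffer with snprint keeps it tidy), and the fallthrough from `case -1` is only safe because sysfatal does not return, so a `break;` after it would make that intent explicit. The promised man page should also state that matched packets are still copied up to userland and read before they are discarded, since that is the cost of filtering through ipmux rather than in the kernel.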

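Added example, not code from the thread or from 9front's ipmux: a matcher in standard C for the subset of the filter language the two examples use (ifc, src and dst terms joined by `;`, a `&mask` on a value, `|` between alternatives), evaluated against a constructed packet tuple so a filter can be checked against sample addresses before it is pointed at /dev/null. It assumes `ifc` is the address of the receiving interface, as the examples do, and 203.0.113.1 and 198.51.100.7 are constructed stand-ins for my.external.ip and a remote host.

```c
/* Added illustration, not 9front's ipmux: evaluate an ipmux-style filter, limited to
 * the ifc/src/dst terms the thread uses, against a packet tuple (host-order IPv4). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint32_t ifc, src, dst; } Pkt;
/* dotted quad of n bytes (not NUL-terminated) -> uint32; 1 ok, 0 bad syntax */
static int parseip(const char *s, size_t n, uint32_t *out) {
	unsigned a, b, c, d; char extra, buf[32];
	if (n >= sizeof buf) return 0; memcpy(buf, s, n); buf[n] = '\0';
	if (sscanf(buf, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4 ||
	    a > 255 || b > 255 || c > 255 || d > 255) return 0;
	*out = a << 24 | b << 16 | c << 8 | d; return 1;
}

/* one alternative, "v" or "v&mask": 1 match, 0 no match, -1 bad syntax */
static int matchalt(const char *alt, size_t n, uint32_t field) {
	const char *amp = memchr(alt, '&', n);
	uint32_t v, m = 0xffffffffu;                /* no mask given: exact match */
	if (amp && !parseip(amp + 1, n - (amp + 1 - alt), &m)) return -1;
	if (amp) n = amp - alt;
	if (!parseip(alt, n, &v)) return -1;
	return (field & m) == (v & m);
}

/* "v1|v2|...": the term holds if any alternative matches */
static int matchvalue(const char *val, size_t n, uint32_t field) {
	while (n > 0) {
		const char *bar = memchr(val, '|', n);
		size_t k = bar ? (size_t)(bar - val) : n;
		int r = matchalt(val, k, field);
		if (r != 0) return r;                   /* matched, or syntax error */
		if (!bar) break;
		val += k + 1; n -= k + 1;
	}
	return 0;
}

/* whole filter: every ';'-separated term must hold; -1 on unknown field or bad value */
int filtermatch(const char *filter, const Pkt *p) {
	const char *s, *end, *eq;
	size_t n; uint32_t field; int r;
	for (s = filter; ; s = end + 1) {
		end = strchr(s, ';');
		n = end ? (size_t)(end - s) : strlen(s);
		if ((eq = memchr(s, '=', n)) == NULL || eq - s != 3) return -1;
		if (!memcmp(s, "ifc", 3)) field = p->ifc;
		else if (!memcmp(s, "src", 3)) field = p->src;
		else if (!memcmp(s, "dst", 3)) field = p->dst;
		else return -1;
		if ((r = matchvalue(eq + 1, n - (eq + 1 - s), field)) != 1) return r;
		if (end == NULL) return 1;
	}
}

/* evaluate a filter against a tuple given as dotted quads (ifc = receiving interface's address) */
int check(const char *filter, const char *ifc, const char *src, const char *dst) {
	Pkt p;
	if (!parseip(ifc, strlen(ifc), &p.ifc) || !parseip(src, strlen(src), &p.src) ||
	    !parseip(dst, strlen(dst), &p.dst)) return -1;
	return filtermatch(filter, &p);
}
int main(void) {    /* the thread's first filter; 203.0.113.1 is a constructed external address */
	const char *f = "ifc=203.0.113.1;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0";
	printf("%d %d\n", check(f, "203.0.113.1", "198.51.100.7", "10.20.30.40"),
	       check(f, "203.0.113.1", "198.51.100.7", "203.0.113.1"));    /* prints 1 0 */
	return 0;
}
```

A result of -1 flags a filter the matcher cannot parse (a field outside the ifc/src/dst subset, or a malformed address), which is worth catching before the same string is handed to ipmux.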

* Re: [9front] [PITCH] ip/null
  2022-11-16  3:42 [9front] [PITCH] ip/null Jacob Moody
@ 2023-12-11 18:54 ` unobe
  2023-12-11 19:00   ` Jacob Moody
  0 siblings, 1 reply; 9+ messages in thread
From: unobe @ 2023-12-11 18:54 UTC (permalink / raw)
  To: 9front

FWIW, I haven't seen anyone else comment on this, but I like it.

Quoth Jacob Moody <moody@mail.posixcafe.org>:
> As I play around more with 9front as my router, I found myself reaching for some
> kind of 'firewall'. I find that we already have a pretty good interface in the kernel
> in the form of ipmux. But there isn't too many ways of making use of it as is. I hacked up
> something quick to just drop packets matching a filter on to the floor. If others find it
> useful I can make up a man page and present again with a bit more polish.
> 
> Some examples:
> # Drop inbound private range
> ip/null 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
> 
> # google verboden
> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
> 
> thanks,
> moody
> 
> --- /dev/null
> +++ b//sys/src/cmd/ip/null.c
> @@ -1,0 +1,36 @@
> +#include <u.h>
> +#include <libc.h>
> +
> +void
> +usage(void)
> +{
> +	fprint(2, "usage: %s filter\n", argv0);
> +	exits("usage");
> +}
> +
> +void
> +main(int argc, char **argv)
> +{
> +	char buf[64 * 1024];
> +	int fd;
> +
> +	ARGBEGIN{
> +	default:
> +		usage();
> +		break;
> +	}ARGEND
> +	if(argc < 1)
> +		usage();
> +
> +	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
> +	if(fd < 0)
> +		sysfatal("dial: %r");
> +
> +	for(;;)
> +		switch(read(fd, buf, sizeof buf)){
> +		case -1:
> +			sysfatal("read: %r");
> +		case 0:
> +			return;
> +		}
> +}



* Re: [9front] [PITCH] ip/null
  2023-12-11 18:54 ` unobe
@ 2023-12-11 19:00   ` Jacob Moody
  2023-12-11 19:05     ` hiro
  2023-12-11 19:45     ` unobe
  0 siblings, 2 replies; 9+ messages in thread
From: Jacob Moody @ 2023-12-11 19:00 UTC (permalink / raw)
  To: 9front

This was obsoleted by cinap's aux/dial(1).
It functionally works the same here except you would
need an explicit direction to /dev/null.

i.e.

aux/dial 'ipmux!ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0' > /dev/null

On 12/11/23 12:54, unobe@cpan.org wrote:
> FWIW, I haven't seen anyone else comment on this, but I like it.
> 
> Quoth Jacob Moody <moody@mail.posixcafe.org>:
>> As I play around more with 9front as my router, I found myself reaching for some
>> kind of 'firewall'. I find that we already have a pretty good interface in the kernel
>> in the form of ipmux. But there isn't too many ways of making use of it as is. I hacked up
>> something quick to just drop packets matching a filter on to the floor. If others find it
>> useful I can make up a man page and present again with a bit more polish.
>>
>> Some examples:
>> # Drop inbound private range
>> ip/null 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>
>> # google verboden
>> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
>>
>> thanks,
>> moody
>>
>> --- /dev/null
>> +++ b//sys/src/cmd/ip/null.c
>> @@ -1,0 +1,36 @@
>> +#include <u.h>
>> +#include <libc.h>
>> +
>> +void
>> +usage(void)
>> +{
>> +	fprint(2, "usage: %s filter\n", argv0);
>> +	exits("usage");
>> +}
>> +
>> +void
>> +main(int argc, char **argv)
>> +{
>> +	char buf[64 * 1024];
>> +	int fd;
>> +
>> +	ARGBEGIN{
>> +	default:
>> +		usage();
>> +		break;
>> +	}ARGEND
>> +	if(argc < 1)
>> +		usage();
>> +
>> +	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
>> +	if(fd < 0)
>> +		sysfatal("dial: %r");
>> +
>> +	for(;;)
>> +		switch(read(fd, buf, sizeof buf)){
>> +		case -1:
>> +			sysfatal("read: %r");
>> +		case 0:
>> +			return;
>> +		}
>> +}
> 



* Re: [9front] [PITCH] ip/null
  2023-12-11 19:00   ` Jacob Moody
@ 2023-12-11 19:05     ` hiro
  2023-12-11 19:11       ` Jacob Moody
  2023-12-11 19:45     ` unobe
  1 sibling, 1 reply; 9+ messages in thread
From: hiro @ 2023-12-11 19:05 UTC (permalink / raw)
  To: 9front

it would be good if it wouldn't need to get all the way to userland
before being dropped.

On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
> This as obsoleted by cinap's aux/dial(1).
> It functionally works the same here except you would
> need an explicit direction to /dev/null.
>
> ie.
>
> aux/dial
> 'ipmux!ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0' >
> /dev/null
>
> On 12/11/23 12:54, unobe@cpan.org wrote:
>> FWIW, I haven't seen anyone else comment on this, but I like it.
>>
>> Quoth Jacob Moody <moody@mail.posixcafe.org>:
>>> As I play around more with 9front as my router, I found myself reaching
>>> for some
>>> kind of 'firewall'. I find that we already have a pretty good interface
>>> in the kernel
>>> in the form of ipmux. But there isn't too many ways of making use of it
>>> as is. I hacked up
>>> something quick to just drop packets matching a filter on to the floor.
>>> If others find it
>>> useful I can make up a man page and present again with a bit more
>>> polish.
>>>
>>> Some examples:
>>> # Drop inbound private range
>>> ip/null
>>> 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>>
>>> # google verboden
>>> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
>>>
>>> thanks,
>>> moody
>>>
>>> --- /dev/null
>>> +++ b//sys/src/cmd/ip/null.c
>>> @@ -1,0 +1,36 @@
>>> +#include <u.h>
>>> +#include <libc.h>
>>> +
>>> +void
>>> +usage(void)
>>> +{
>>> +	fprint(2, "usage: %s filter\n", argv0);
>>> +	exits("usage");
>>> +}
>>> +
>>> +void
>>> +main(int argc, char **argv)
>>> +{
>>> +	char buf[64 * 1024];
>>> +	int fd;
>>> +
>>> +	ARGBEGIN{
>>> +	default:
>>> +		usage();
>>> +		break;
>>> +	}ARGEND
>>> +	if(argc < 1)
>>> +		usage();
>>> +
>>> +	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
>>> +	if(fd < 0)
>>> +		sysfatal("dial: %r");
>>> +
>>> +	for(;;)
>>> +		switch(read(fd, buf, sizeof buf)){
>>> +		case -1:
>>> +			sysfatal("read: %r");
>>> +		case 0:
>>> +			return;
>>> +		}
>>> +}
>>
>
>


* Re: [9front] [PITCH] ip/null
  2023-12-11 19:05     ` hiro
@ 2023-12-11 19:11       ` Jacob Moody
  2023-12-11 19:17         ` hiro
  0 siblings, 1 reply; 9+ messages in thread
From: Jacob Moody @ 2023-12-11 19:11 UTC (permalink / raw)
  To: 9front

Indeed, but right now ipmux is the only tool we have for doing any
filtering more fine-grained than routing tables as far as I know.

I would like our own pf-like but that would require going back to
the drawing board.

On 12/11/23 13:05, hiro wrote:
> it would be good if it wouldn't need to get all the way to userland
> before being dropped.
> 
> On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
>> This as obsoleted by cinap's aux/dial(1).
>> It functionally works the same here except you would
>> need an explicit direction to /dev/null.
>>
>> ie.
>>
>> aux/dial
>> 'ipmux!ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0' >
>> /dev/null
>>
>> On 12/11/23 12:54, unobe@cpan.org wrote:
>>> FWIW, I haven't seen anyone else comment on this, but I like it.
>>>
>>> Quoth Jacob Moody <moody@mail.posixcafe.org>:
>>>> As I play around more with 9front as my router, I found myself reaching
>>>> for some
>>>> kind of 'firewall'. I find that we already have a pretty good interface
>>>> in the kernel
>>>> in the form of ipmux. But there isn't too many ways of making use of it
>>>> as is. I hacked up
>>>> something quick to just drop packets matching a filter on to the floor.
>>>> If others find it
>>>> useful I can make up a man page and present again with a bit more
>>>> polish.
>>>>
>>>> Some examples:
>>>> # Drop inbound private range
>>>> ip/null
>>>> 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>>>
>>>> # google verboden
>>>> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
>>>>
>>>> thanks,
>>>> moody
>>>>
>>>> --- /dev/null
>>>> +++ b//sys/src/cmd/ip/null.c
>>>> @@ -1,0 +1,36 @@
>>>> +#include <u.h>
>>>> +#include <libc.h>
>>>> +
>>>> +void
>>>> +usage(void)
>>>> +{
>>>> +	fprint(2, "usage: %s filter\n", argv0);
>>>> +	exits("usage");
>>>> +}
>>>> +
>>>> +void
>>>> +main(int argc, char **argv)
>>>> +{
>>>> +	char buf[64 * 1024];
>>>> +	int fd;
>>>> +
>>>> +	ARGBEGIN{
>>>> +	default:
>>>> +		usage();
>>>> +		break;
>>>> +	}ARGEND
>>>> +	if(argc < 1)
>>>> +		usage();
>>>> +
>>>> +	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
>>>> +	if(fd < 0)
>>>> +		sysfatal("dial: %r");
>>>> +
>>>> +	for(;;)
>>>> +		switch(read(fd, buf, sizeof buf)){
>>>> +		case -1:
>>>> +			sysfatal("read: %r");
>>>> +		case 0:
>>>> +			return;
>>>> +		}
>>>> +}
>>>
>>
>>



* Re: [9front] [PITCH] ip/null
  2023-12-11 19:11       ` Jacob Moody
@ 2023-12-11 19:17         ` hiro
  2023-12-11 19:22           ` Jacob Moody
  0 siblings, 1 reply; 9+ messages in thread
From: hiro @ 2023-12-11 19:17 UTC (permalink / raw)
  To: 9front

is your example more fine-grained than routing tables?
in that case i misread the example.

On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
> Indeed, but right now ipmux is the only tool we have for doing any
> filtering more fine grained then routing tables as far as I know.
>
> I would like our own pf-like but that would require going back to
> the drawing board.
>
> On 12/11/23 13:05, hiro wrote:
>> it would be good if it wouldn't need to get all the way to userland
>> before being dropped.
>>
>> On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
>>> This as obsoleted by cinap's aux/dial(1).
>>> It functionally works the same here except you would
>>> need an explicit direction to /dev/null.
>>>
>>> ie.
>>>
>>> aux/dial
>>> 'ipmux!ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>> >
>>> /dev/null
>>>
>>> On 12/11/23 12:54, unobe@cpan.org wrote:
>>>> FWIW, I haven't seen anyone else comment on this, but I like it.
>>>>
>>>> Quoth Jacob Moody <moody@mail.posixcafe.org>:
>>>>> As I play around more with 9front as my router, I found myself
>>>>> reaching
>>>>> for some
>>>>> kind of 'firewall'. I find that we already have a pretty good
>>>>> interface
>>>>> in the kernel
>>>>> in the form of ipmux. But there isn't too many ways of making use of
>>>>> it
>>>>> as is. I hacked up
>>>>> something quick to just drop packets matching a filter on to the
>>>>> floor.
>>>>> If others find it
>>>>> useful I can make up a man page and present again with a bit more
>>>>> polish.
>>>>>
>>>>> Some examples:
>>>>> # Drop inbound private range
>>>>> ip/null
>>>>> 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>>>>
>>>>> # google verboden
>>>>> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
>>>>>
>>>>> thanks,
>>>>> moody
>>>>>
>>>>> --- /dev/null
>>>>> +++ b//sys/src/cmd/ip/null.c
>>>>> @@ -1,0 +1,36 @@
>>>>> +#include <u.h>
>>>>> +#include <libc.h>
>>>>> +
>>>>> +void
>>>>> +usage(void)
>>>>> +{
>>>>> +	fprint(2, "usage: %s filter\n", argv0);
>>>>> +	exits("usage");
>>>>> +}
>>>>> +
>>>>> +void
>>>>> +main(int argc, char **argv)
>>>>> +{
>>>>> +	char buf[64 * 1024];
>>>>> +	int fd;
>>>>> +
>>>>> +	ARGBEGIN{
>>>>> +	default:
>>>>> +		usage();
>>>>> +		break;
>>>>> +	}ARGEND
>>>>> +	if(argc < 1)
>>>>> +		usage();
>>>>> +
>>>>> +	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
>>>>> +	if(fd < 0)
>>>>> +		sysfatal("dial: %r");
>>>>> +
>>>>> +	for(;;)
>>>>> +		switch(read(fd, buf, sizeof buf)){
>>>>> +		case -1:
>>>>> +			sysfatal("read: %r");
>>>>> +		case 0:
>>>>> +			return;
>>>>> +		}
>>>>> +}
>>>>
>>>
>>>
>
>


* Re: [9front] [PITCH] ip/null
  2023-12-11 19:17         ` hiro
@ 2023-12-11 19:22           ` Jacob Moody
  2023-12-11 19:32             ` hiro
  0 siblings, 1 reply; 9+ messages in thread
From: Jacob Moody @ 2023-12-11 19:22 UTC (permalink / raw)
  To: 9front

On 12/11/23 13:17, hiro wrote:
> is your example more fine-grained than routing tables?
> in that case i misread the example.

My example was not, but ipmux allows you to index
arbitrarily in to the ip data portion to do matching.

> 
> On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
>> Indeed, but right now ipmux is the only tool we have for doing any
>> filtering more fine grained then routing tables as far as I know.
>>
>> I would like our own pf-like but that would require going back to
>> the drawing board.
>>
>> On 12/11/23 13:05, hiro wrote:
>>> it would be good if it wouldn't need to get all the way to userland
>>> before being dropped.
>>>
>>> On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
>>>> This as obsoleted by cinap's aux/dial(1).
>>>> It functionally works the same here except you would
>>>> need an explicit direction to /dev/null.
>>>>
>>>> ie.
>>>>
>>>> aux/dial
>>>> 'ipmux!ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>>>>
>>>> /dev/null
>>>>
>>>> On 12/11/23 12:54, unobe@cpan.org wrote:
>>>>> FWIW, I haven't seen anyone else comment on this, but I like it.
>>>>>
>>>>> Quoth Jacob Moody <moody@mail.posixcafe.org>:
>>>>>> As I play around more with 9front as my router, I found myself
>>>>>> reaching
>>>>>> for some
>>>>>> kind of 'firewall'. I find that we already have a pretty good
>>>>>> interface
>>>>>> in the kernel
>>>>>> in the form of ipmux. But there isn't too many ways of making use of
>>>>>> it
>>>>>> as is. I hacked up
>>>>>> something quick to just drop packets matching a filter on to the
>>>>>> floor.
>>>>>> If others find it
>>>>>> useful I can make up a man page and present again with a bit more
>>>>>> polish.
>>>>>>
>>>>>> Some examples:
>>>>>> # Drop inbound private range
>>>>>> ip/null
>>>>>> 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>>>>>
>>>>>> # google verboden
>>>>>> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
>>>>>>
>>>>>> thanks,
>>>>>> moody
>>>>>>
>>>>>> --- /dev/null
>>>>>> +++ b//sys/src/cmd/ip/null.c
>>>>>> @@ -1,0 +1,36 @@
>>>>>> +#include <u.h>
>>>>>> +#include <libc.h>
>>>>>> +
>>>>>> +void
>>>>>> +usage(void)
>>>>>> +{
>>>>>> +	fprint(2, "usage: %s filter\n", argv0);
>>>>>> +	exits("usage");
>>>>>> +}
>>>>>> +
>>>>>> +void
>>>>>> +main(int argc, char **argv)
>>>>>> +{
>>>>>> +	char buf[64 * 1024];
>>>>>> +	int fd;
>>>>>> +
>>>>>> +	ARGBEGIN{
>>>>>> +	default:
>>>>>> +		usage();
>>>>>> +		break;
>>>>>> +	}ARGEND
>>>>>> +	if(argc < 1)
>>>>>> +		usage();
>>>>>> +
>>>>>> +	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
>>>>>> +	if(fd < 0)
>>>>>> +		sysfatal("dial: %r");
>>>>>> +
>>>>>> +	for(;;)
>>>>>> +		switch(read(fd, buf, sizeof buf)){
>>>>>> +		case -1:
>>>>>> +			sysfatal("read: %r");
>>>>>> +		case 0:
>>>>>> +			return;
>>>>>> +		}
>>>>>> +}
>>>>>
>>>>
>>>>
>>
>>



* Re: [9front] [PITCH] ip/null
  2023-12-11 19:22           ` Jacob Moody
@ 2023-12-11 19:32             ` hiro
  0 siblings, 0 replies; 9+ messages in thread
From: hiro @ 2023-12-11 19:32 UTC (permalink / raw)
  To: 9front

in that case, the routing logic should allow routing to a null route
in the kernel, preferably. at least for the source/destination IP
based filters that's good enough.

port-based (L4) firewalls should become less necessary over time that
as we just assign ip addresses to individual services instead.
that's my utopia at least ;)

On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
> On 12/11/23 13:17, hiro wrote:
>> is your example more fine-grained than routing tables?
>> in that case i misread the example.
>
> My example was not, but ipmux allows you to index
> arbitrarily in to the ip data portion to do matching.
>
>>
>> On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
>>> Indeed, but right now ipmux is the only tool we have for doing any
>>> filtering more fine grained then routing tables as far as I know.
>>>
>>> I would like our own pf-like but that would require going back to
>>> the drawing board.
>>>
>>> On 12/11/23 13:05, hiro wrote:
>>>> it would be good if it wouldn't need to get all the way to userland
>>>> before being dropped.
>>>>
>>>> On 12/11/23, Jacob Moody <moody@posixcafe.org> wrote:
>>>>> This as obsoleted by cinap's aux/dial(1).
>>>>> It functionally works the same here except you would
>>>>> need an explicit direction to /dev/null.
>>>>>
>>>>> ie.
>>>>>
>>>>> aux/dial
>>>>> 'ipmux!ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>>>>>
>>>>> /dev/null
>>>>>
>>>>> On 12/11/23 12:54, unobe@cpan.org wrote:
>>>>>> FWIW, I haven't seen anyone else comment on this, but I like it.
>>>>>>
>>>>>> Quoth Jacob Moody <moody@mail.posixcafe.org>:
>>>>>>> As I play around more with 9front as my router, I found myself
>>>>>>> reaching
>>>>>>> for some
>>>>>>> kind of 'firewall'. I find that we already have a pretty good
>>>>>>> interface
>>>>>>> in the kernel
>>>>>>> in the form of ipmux. But there isn't too many ways of making use of
>>>>>>> it
>>>>>>> as is. I hacked up
>>>>>>> something quick to just drop packets matching a filter on to the
>>>>>>> floor.
>>>>>>> If others find it
>>>>>>> useful I can make up a man page and present again with a bit more
>>>>>>> polish.
>>>>>>>
>>>>>>> Some examples:
>>>>>>> # Drop inbound private range
>>>>>>> ip/null
>>>>>>> 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
>>>>>>>
>>>>>>> # google verboden
>>>>>>> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
>>>>>>>
>>>>>>> thanks,
>>>>>>> moody
>>>>>>>
>>>>>>> --- /dev/null
>>>>>>> +++ b//sys/src/cmd/ip/null.c
>>>>>>> @@ -1,0 +1,36 @@
>>>>>>> +#include <u.h>
>>>>>>> +#include <libc.h>
>>>>>>> +
>>>>>>> +void
>>>>>>> +usage(void)
>>>>>>> +{
>>>>>>> +	fprint(2, "usage: %s filter\n", argv0);
>>>>>>> +	exits("usage");
>>>>>>> +}
>>>>>>> +
>>>>>>> +void
>>>>>>> +main(int argc, char **argv)
>>>>>>> +{
>>>>>>> +	char buf[64 * 1024];
>>>>>>> +	int fd;
>>>>>>> +
>>>>>>> +	ARGBEGIN{
>>>>>>> +	default:
>>>>>>> +		usage();
>>>>>>> +		break;
>>>>>>> +	}ARGEND
>>>>>>> +	if(argc < 1)
>>>>>>> +		usage();
>>>>>>> +
>>>>>>> +	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
>>>>>>> +	if(fd < 0)
>>>>>>> +		sysfatal("dial: %r");
>>>>>>> +
>>>>>>> +	for(;;)
>>>>>>> +		switch(read(fd, buf, sizeof buf)){
>>>>>>> +		case -1:
>>>>>>> +			sysfatal("read: %r");
>>>>>>> +		case 0:
>>>>>>> +			return;
>>>>>>> +		}
>>>>>>> +}
>>>>>>
>>>>>
>>>>>
>>>
>>>
>
>


* Re: [9front] [PITCH] ip/null
  2023-12-11 19:00   ` Jacob Moody
  2023-12-11 19:05     ` hiro
@ 2023-12-11 19:45     ` unobe
  1 sibling, 0 replies; 9+ messages in thread
From: unobe @ 2023-12-11 19:45 UTC (permalink / raw)
  To: 9front

Splendid!

Quoth Jacob Moody <moody@posixcafe.org>:
> This as obsoleted by cinap's aux/dial(1).
> It functionally works the same here except you would
> need an explicit direction to /dev/null.
> 
> ie.
> 
> aux/dial 'ipmux!ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0' > /dev/null
> 
> On 12/11/23 12:54, unobe@cpan.org wrote:
> > FWIW, I haven't seen anyone else comment on this, but I like it.
> > 
> > Quoth Jacob Moody <moody@mail.posixcafe.org>:
> >> As I play around more with 9front as my router, I found myself reaching for some
> >> kind of 'firewall'. I find that we already have a pretty good interface in the kernel
> >> in the form of ipmux. But there isn't too many ways of making use of it as is. I hacked up
> >> something quick to just drop packets matching a filter on to the floor. If others find it
> >> useful I can make up a man page and present again with a bit more polish.
> >>
> >> Some examples:
> >> # Drop inbound private range
> >> ip/null 'ifc=my.external.ip;dst=192.168.0.0&255.255.0.0|10.0.0.0&255.0.0.0'
> >>
> >> # google verboden
> >> ip/null 'ifc=my.internal.ip;dst=8.8.8.8;src=192.168.0.0&255.255.0.0'
> >>
> >> thanks,
> >> moody
> >>
> >> --- /dev/null
> >> +++ b//sys/src/cmd/ip/null.c
> >> @@ -1,0 +1,36 @@
> >> +#include <u.h>
> >> +#include <libc.h>
> >> +
> >> +void
> >> +usage(void)
> >> +{
> >> +	fprint(2, "usage: %s filter\n", argv0);
> >> +	exits("usage");
> >> +}
> >> +
> >> +void
> >> +main(int argc, char **argv)
> >> +{
> >> +	char buf[64 * 1024];
> >> +	int fd;
> >> +
> >> +	ARGBEGIN{
> >> +	default:
> >> +		usage();
> >> +		break;
> >> +	}ARGEND
> >> +	if(argc < 1)
> >> +		usage();
> >> +
> >> +	fd = dial(smprint("ipmux!%s", argv[0]), nil, nil, nil);
> >> +	if(fd < 0)
> >> +		sysfatal("dial: %r");
> >> +
> >> +	for(;;)
> >> +		switch(read(fd, buf, sizeof buf)){
> >> +		case -1:
> >> +			sysfatal("read: %r");
> >> +		case 0:
> >> +			return;
> >> +		}
> >> +}
> > 
> 


