>This could be done with a new flag. There seem to be three possible places >where this flag could be put: > >* ifnet.if_flags > This is a short and there is no free bit. But the IFF_NOTRAILERS bit has > become unused recently and could be recycled. > >* ifnet.if_xflags > An int, lots of free bits. But comment says 'extra softnet flags' > >* if_data.ifi_capabilities > An u_int32_t, lots of free bits.
It feels more like it should be an inate feature of the "hardware", not terribly visible to the admin, not in their face, and certainly not something the root in the guest can "disable". To stop it from being disabled, you put it into IFF_CANTCHANGE. That should help the latter concern. But I do worry about whether a guest should see such a flag so visibly. To me, ifi_capabilities feels like the right place to put this. Nicely hidden, cannot be changed, and noone will have it in their face when they run ifconfig.
