leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[NETFILTER]: ipt_CLUSTERIP: fix ARP mangling

Browse Source 
This patch adds mangling of ARP requests (in addition to replies),
since ARP caches are made from snooping both requests and replies.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Harald Welte 2005-06-28 12:49:30 -07:00 committed by David S. Miller
parent 85c1937b26
commit 4095ebf1e6
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
net/ipv4/netfilter/ipt_CLUSTERIP.c
View File

@ -30,7 +30,7 @@
#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h> #include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
#include <linux/netfilter_ipv4/ip_conntrack.h> #include <linux/netfilter_ipv4/ip_conntrack.h>
#define CLUSTERIP_VERSION "0.6" #define CLUSTERIP_VERSION "0.7"
#define DEBUG_CLUSTERIP #define DEBUG_CLUSTERIP
@ -524,8 +524,9 @@ arp_mangle(unsigned int hook,
|| arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN) || arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
return NF_ACCEPT; return NF_ACCEPT;
/* we only want to mangle arp replies */ /* we only want to mangle arp requests and replies */
if (arp->ar_op != htons(ARPOP_REPLY)) if (arp->ar_op != htons(ARPOP_REPLY)
&& arp->ar_op != htons(ARPOP_REQUEST))
return NF_ACCEPT; return NF_ACCEPT;
payload = (void *)(arp+1); payload = (void *)(arp+1);