Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
[NETFILTER]: ipt_CLUSTERIP: fix ARP mangling
This patch adds mangling of ARP requests (in addition to replies),
since ARP caches are made from snooping both requests and replies.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by Harald Welte and committed by David S. Miller 4095ebf1 85c1937b
+4
-3
net/ipv4/netfilter/ipt_CLUSTERIP.c
+4
-3
net/ipv4/netfilter/ipt_CLUSTERIP.c
···
30
#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
31
#include <linux/netfilter_ipv4/ip_conntrack.h>
32
33
-
#define CLUSTERIP_VERSION "0.6"
34
35
#define DEBUG_CLUSTERIP
36
···
524
|| arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
525
return NF_ACCEPT;
526
527
-
/* we only want to mangle arp replies */
528
-
if (arp->ar_op != htons(ARPOP_REPLY))
529
return NF_ACCEPT;
530
531
payload = (void *)(arp+1);
···
30
#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
31
#include <linux/netfilter_ipv4/ip_conntrack.h>
32
33
+
#define CLUSTERIP_VERSION "0.7"
34
35
#define DEBUG_CLUSTERIP
36
···
524
|| arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
525
return NF_ACCEPT;
526
527
+
/* we only want to mangle arp requests and replies */
528
+
if (arp->ar_op != htons(ARPOP_REPLY)
529
+
&& arp->ar_op != htons(ARPOP_REQUEST))
530
return NF_ACCEPT;
531
532
payload = (void *)(arp+1);