Commit 4095ebf1, authored by Harald Welte, committed by David S. Miller

[NETFILTER]: ipt_CLUSTERIP: fix ARP mangling

This patch adds mangling of ARP requests (in addition to replies),
since ARP caches are made from snooping both requests and replies.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Parent 85c1937b
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h> #include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
#include <linux/netfilter_ipv4/ip_conntrack.h> #include <linux/netfilter_ipv4/ip_conntrack.h>
#define CLUSTERIP_VERSION "0.6" #define CLUSTERIP_VERSION "0.7"
#define DEBUG_CLUSTERIP #define DEBUG_CLUSTERIP
...@@ -524,8 +524,9 @@ arp_mangle(unsigned int hook, ...@@ -524,8 +524,9 @@ arp_mangle(unsigned int hook,
|| arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN) || arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
return NF_ACCEPT; return NF_ACCEPT;
/* we only want to mangle arp replies */ /* we only want to mangle arp requests and replies */
if (arp->ar_op != htons(ARPOP_REPLY)) if (arp->ar_op != htons(ARPOP_REPLY)
&& arp->ar_op != htons(ARPOP_REQUEST))
return NF_ACCEPT; return NF_ACCEPT;
payload = (void *)(arp+1); payload = (void *)(arp+1);
......
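Review bot: The widened opcode check in arp_mangle(), `if (arp->ar_op != htons(ARPOP_REPLY) && arp->ar_op != htons(ARPOP_REQUEST))`, now sends requests down the mangling path that was written for replies, and the code after `payload = (void *)(arp+1);` is not visible here. Please confirm that path only rewrites the sender fields, which are valid in both message types, because the target hardware address in a request is not yet known and should not be read or rewritten. The updated comment also says only what is matched; it would help to carry the reason from the commit message into it (peers populate their ARP caches by snooping requests as well as replies), so the request case is not later removed as an apparent mistake.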