Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4095ebf1 authored by Harald Welte's avatar Harald Welte Committed by David S. Miller
Browse files

[NETFILTER]: ipt_CLUSTERIP: fix ARP mangling 



This patch adds mangling of ARP requests (in addition to replies),
since ARP caches are made from snooping both requests and replies.

Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 85c1937b

net/ipv4/netfilter/ipt_CLUSTERIP.c

+4 −3
Original line number Diff line number Diff line
@@ -30,7 +30,7 @@ 
#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>

#include <linux/netfilter_ipv4/ip_conntrack.h>



#define CLUSTERIP_VERSION "0.6"

#define CLUSTERIP_VERSION "0.7"



#define DEBUG_CLUSTERIP
@@ -524,8 +524,9 @@ arp_mangle(unsigned int hook, 
	    || arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)

		return NF_ACCEPT;



	/* we only want to mangle arp replies */

	if (arp->ar_op != htons(ARPOP_REPLY))

	/* we only want to mangle arp requests and replies */

	if (arp->ar_op != htons(ARPOP_REPLY)

	    && arp->ar_op != htons(ARPOP_REQUEST))

		return NF_ACCEPT;



	payload = (void *)(arp+1);