[NETFILTER]: ipt_CLUSTERIP: fix ARP mangling

This patch adds mangling of ARP requests (in addition to replies), since ARP caches are made from snooping both requests and replies. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Harald Welte <laforge@netfilter.org> 2005-06-28 15:49:30 -0400
committer: David S. Miller <davem@davemloft.net> 2005-06-28 15:49:30 -0400
commit: 4095ebf1e641b0f37ee1cd04c903bb85cf4ed25b (patch)
tree: ffe37949a9d27ff0b369b3e867009237f38f70ef /net/ipv4
parent: 85c1937b2693a0d4e39bb2644d720ed3703b9830 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 9cde8c61f525..6706d3a1bc4f 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -30,7 +30,7 @@
 #include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
 #include <linux/netfilter_ipv4/ip_conntrack.h>
-#define CLUSTERIP_VERSION "0.6"
+#define CLUSTERIP_VERSION "0.7"
 #define DEBUG_CLUSTERIP
@@ -524,8 +524,9 @@ arp_mangle(unsigned int hook,
            || arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
                return NF_ACCEPT;
-        /* we only want to mangle arp replies */
+        /* we only want to mangle arp requests and replies */
-        if (arp->ar_op != htons(ARPOP_REPLY))
+        if (arp->ar_op != htons(ARPOP_REPLY)
+            && arp->ar_op != htons(ARPOP_REQUEST))
                return NF_ACCEPT;
        payload = (void *)(arp+1);
author	Harald Welte <laforge@netfilter.org>	2005-06-28 15:49:30 -0400
committer	David S. Miller <davem@davemloft.net>	2005-06-28 15:49:30 -0400
commit	4095ebf1e641b0f37ee1cd04c903bb85cf4ed25b (patch)
tree	ffe37949a9d27ff0b369b3e867009237f38f70ef /net/ipv4
parent	85c1937b2693a0d4e39bb2644d720ed3703b9830 (diff)