[netfilter-cvslog] r3988 - trunk/patch-o-matic-ng/CLUSTERIP/linux-2.6/net/ipv4/netfilter

[laforge at netfilter.org]

Author: laforge at netfilter.org
Date: 2005-06-22 14:25:54 +0200 (Wed, 22 Jun 2005)
New Revision: 3988

Modified:
   trunk/patch-o-matic-ng/CLUSTERIP/linux-2.6/net/ipv4/netfilter/ipt_CLUSTERIP.c
Log:
ARP caches also snoop ARP queries, therefore it's not sufficient to alter ARP replies.


Modified: trunk/patch-o-matic-ng/CLUSTERIP/linux-2.6/net/ipv4/netfilter/ipt_CLUSTERIP.c
===================================================================
--- trunk/patch-o-matic-ng/CLUSTERIP/linux-2.6/net/ipv4/netfilter/ipt_CLUSTERIP.c	2005-06-22 12:25:15 UTC (rev 3987)
+++ trunk/patch-o-matic-ng/CLUSTERIP/linux-2.6/net/ipv4/netfilter/ipt_CLUSTERIP.c	2005-06-22 12:25:54 UTC (rev 3988)
@@ -523,8 +523,9 @@
 	    || arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
 		return NF_ACCEPT;
 
-	/* we only want to mangle arp replies */
-	if (arp->ar_op != htons(ARPOP_REPLY))
+	/* we only want to mangle arp requests and replies */
+	if (arp->ar_op != htons(ARPOP_REPLY)
+	    && arp->ar_op != htons(ARPOP_REQUEST))
 		return NF_ACCEPT;
 
 	payload = (void *)(arp+1);