Faking ethernet source MAC in NF_IP_POST_ROUTING

Henrik Nordstrom hno@marasystems.com
Thu, 24 Jun 2004 10:07:57 +0200 (CEST)

On Wed, 23 Jun 2004, Phillip Whelan wrote:

> In NF_IP_POST_ROUTING, the skb->mac is not NULL, but skb->mac_len is 0.
> Directly modifying the skb->mac would just lead to memory corruption.  
> How would I modify the source MAC address? (Im inside
> NF_IP_POST_ROUTING). Can I access through a negative offset from
> skb->data? (net/ipv4/arp.c does this, I think).

You can't from netfilter. The MAC is added very very late in the packet 
sending process, after the NF_IP_POST_ROUTING hook.

What you maybe can do if ARP is your only concern is to run ARP in
userspace and send the replies using a raw socket.

But I honestly do not understand why you want to do this. The ARP address
is configurable (see the ip link command), and there even exists patches
to allow a single Ethernet to act as multiple virtual interfaces each with
their own MAC... (look for mac vlan, can be found from the same source as
the vlan patch)