netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c
pluto
cvs at pld-linux.org
Wed Jun 22 14:53:55 CEST 2005
Author: pluto
Date: Wed Jun 22 14:53:53 2005
New Revision: 6169
Modified:
netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c
Log:
- arp caches also snoop arp queries, therefore it's not sufficient
to alter arp replies.
Modified: netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c (original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c Wed Jun 22 14:53:53 2005
@@ -29,6 +29,7 @@
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ipv4/lockhelp.h>
#define CLUSTERIP_VERSION "0.6"
@@ -66,7 +67,7 @@
/* clusterip_lock protects the clusterip_configs list _AND_ the configurable
* data within all structurses (num_local_nodes, local_nodes[]) */
-DECLARE_RWLOCK(clusterip_lock);
+static DECLARE_RWLOCK(clusterip_lock);
#ifdef CONFIG_PROC_FS
static struct file_operations clusterip_proc_fops;
@@ -522,8 +523,9 @@
|| arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
return NF_ACCEPT;
- /* we only want to mangle arp replies */
- if (arp->ar_op != htons(ARPOP_REPLY))
+ /* we only want to mangle arp requests and replies */
+ if (arp->ar_op != htons(ARPOP_REPLY)
+ && arp->ar_op != htons(ARPOP_REQUEST))
return NF_ACCEPT;
payload = (void *)(arp+1);
@@ -664,7 +666,7 @@
return ret;
}
-static ssize_t clusterip_proc_write(struct file *file, const char *input,
+static ssize_t clusterip_proc_write(struct file *file, const char __user *input,
size_t size, loff_t *ofs)
{
#define PROC_WRITELEN 10
More information about the pld-cvs-commit
mailing list