[NETFILTER]: ipt_CLUSTERIP: fix ARP mangling

This patch adds mangling of ARP requests (in addition to replies),
since ARP caches are made from snooping both requests and replies.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 9cde8c61f525920aa36cdd422b93742f2574e02b..6706d3a1bc4fbe548746412597497ddccf895dc4 100644 (file)
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -30,7 +30,7 @@
 #include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
 #include <linux/netfilter_ipv4/ip_conntrack.h>
 
-#define CLUSTERIP_VERSION "0.6"
+#define CLUSTERIP_VERSION "0.7"
 
 #define DEBUG_CLUSTERIP
 
@@ -524,8 +524,9 @@ arp_mangle(unsigned int hook,
            || arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
                return NF_ACCEPT;
 
-       /* we only want to mangle arp replies */
-       if (arp->ar_op != htons(ARPOP_REPLY))
+       /* we only want to mangle arp requests and replies */
+       if (arp->ar_op != htons(ARPOP_REPLY)
+           && arp->ar_op != htons(ARPOP_REQUEST))
                return NF_ACCEPT;
 
        payload = (void *)(arp+1);