On Thu, 28 Jul 2005 16:23:43 -0700
Dirk Morris <dmorris@xxxxxxxxxxxx> wrote:

> I think the new mac ageing (sometime since 2.6.8.1) may be too
> aggressive. Now it updates the table at a much later time, with a
> comment in the code that leads me to believe
> this is to prevent counting spoofed packets and a DOS.
>
> My problem is that the update occurs after the netfilter hooks which
> may do weird things to change the course of the packet so that it
> does not get counted.
> (in my case, redirecting, queueing to userspace, nonlocally bound
> sockets, etc).
> For me this causes packets to go spewing out on the wrong interface
> when the timer expires.
>
> I used the attached patch to revert back to the old method.
>
> -Dirk

If you are whacking the source address, that seems wrong. The fix for
that would be to copy the original source address somewhere, then
extract it back afterwards.