>> I think the new MAC ageing (sometime since 2.6.8.1) may be too
>> aggressive. Now it updates the table at a much later time, with a
>> comment in the code that leads me to believe
>> this is to prevent counting spoofed packets and a DoS.
>>
>> My problem is that the update occurs after the netfilter hooks, which
>> may do weird things to change the course of the packet so that it
>> does not get counted.
>> (in my case, redirecting, queueing to userspace, nonlocally bound
>> sockets, etc.).
>> For me this causes packets to go spewing out on the wrong interface
>> when the timer expires.
>>
>> I used the attached patch to revert back to the old method.
>
> If you are whacking the source address, that seems wrong. The fix for
> that would be to copy the original source address somewhere, then
> extract it back afterwards.

I think I was leaving the source address, but I was queueing to
userspace, which causes the packet to "disappear" from the kernel,
meaning the update code was just never reached.
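To make the trade-off in this thread concrete, here is a toy model of a learning bridge's forwarding database with the source-MAC learning step placed either before or after a netfilter-style hook. It is an added example written for this page, not Linux bridge code and not the attached patch: the port layout, the hook functions, the time units and every name in it are assumptions for illustration. Scenario 1 is the problem reported above (frames queued to userspace never reach the learning step, so the entry ages out and later traffic is flooded); scenario 2 is the spoofing case the code comment alludes to (learning before the hook lets a frame the firewall drops poison the table).

```c
/* Toy model of a learning bridge forwarding database (fdb) and of where the
 * source-MAC learning step sits relative to a netfilter-style hook.  This is a
 * constructed example for this thread, not Linux bridge code: the time units
 * and every name below are assumptions for illustration. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FDB_SIZE    8
#define AGEING_TIME 300   /* seconds; 300 is the Linux bridge default */

/* STOLEN stands in for NF_QUEUE / NF_STOLEN: the hook took the skb away. */
enum verdict { HOOK_ACCEPT, HOOK_DROP, HOOK_STOLEN };

struct fdb_entry { uint8_t mac[6]; int port; long updated; int used; };
struct bridge    { struct fdb_entry fdb[FDB_SIZE]; };
struct frame     { uint8_t src[6]; uint8_t dst[6]; int in_port; };

typedef enum verdict (*hook_fn)(const struct frame *);

static struct fdb_entry *fdb_find(struct bridge *br, const uint8_t *mac)
{
    for (int i = 0; i < FDB_SIZE; i++)
        if (br->fdb[i].used && memcmp(br->fdb[i].mac, mac, 6) == 0)
            return &br->fdb[i];
    return NULL;
}

/* Learn (or refresh) mac -> port at time now. */
static void fdb_update(struct bridge *br, const uint8_t *mac, int port, long now)
{
    struct fdb_entry *e = fdb_find(br, mac);
    if (!e) {
        for (int i = 0; i < FDB_SIZE && !e; i++)
            if (!br->fdb[i].used) e = &br->fdb[i];
        if (!e) return;                 /* table full: the toy model just skips the learn */
        memcpy(e->mac, mac, 6);
        e->used = 1;
    }
    e->port = port;
    e->updated = now;
}

/* Egress port for a destination MAC, or -1 when the entry is missing or has
 * aged out, in which case a real bridge floods the frame out of every port. */
int fdb_lookup_port(struct bridge *br, const uint8_t *mac, long now)
{
    struct fdb_entry *e = fdb_find(br, mac);
    if (!e || now - e->updated > AGEING_TIME) return -1;
    return e->port;
}

/* Old ordering (what the poster's patch reverts to): learn, then run the hook. */
static enum verdict rx_learn_first(struct bridge *br, const struct frame *f, hook_fn hook, long now)
{
    fdb_update(br, f->src, f->in_port, now);
    return hook(f);
}

/* Newer ordering the thread complains about: run the hook, learn only if the
 * frame comes back.  A stolen (queued) frame never reaches the learning step. */
static enum verdict rx_hook_first(struct bridge *br, const struct frame *f, hook_fn hook, long now)
{
    enum verdict v = hook(f);
    if (v == HOOK_ACCEPT) fdb_update(br, f->src, f->in_port, now);
    return v;
}

static enum verdict rx(struct bridge *br, const struct frame *f, hook_fn hook, long now, int learn_first)
{
    return learn_first ? rx_learn_first(br, f, hook, now) : rx_hook_first(br, f, hook, now);
}

static const uint8_t MAC_A[6] = {0x02,0x00,0x00,0x00,0x00,0x0a};  /* host on port 0 (assumed) */
static const uint8_t MAC_B[6] = {0x02,0x00,0x00,0x00,0x00,0x0b};  /* host on port 1 (assumed) */

static enum verdict hook_accept_all(const struct frame *f) { (void)f; return HOOK_ACCEPT; }
/* Queue everything MAC_A sends to userspace and never reinject it. */
static enum verdict hook_queue_a(const struct frame *f)
{ return memcmp(f->src, MAC_A, 6) == 0 ? HOOK_STOLEN : HOOK_ACCEPT; }
/* Anti-spoofing rule: MAC_A is only legitimate on port 0. */
static enum verdict hook_antispoof(const struct frame *f)
{ return (memcmp(f->src, MAC_A, 6) == 0 && f->in_port != 0) ? HOOK_DROP : HOOK_ACCEPT; }

static struct frame mkframe(const uint8_t *src, const uint8_t *dst, int in_port)
{ struct frame f; memcpy(f.src, src, 6); memcpy(f.dst, dst, 6); f.in_port = in_port; return f; }

/* Scenario 1, the thread's problem: MAC_A keeps sending on port 0, but every
 * frame is queued to userspace.  Returns where a later reply to MAC_A would go. */
int scenario_queued_to_userspace(int learn_first)
{
    struct bridge br; memset(&br, 0, sizeof br);
    struct frame f = mkframe(MAC_A, MAC_B, 0);
    rx(&br, &f, hook_accept_all, 0, learn_first);          /* learned normally once */
    for (long t = 200; t <= 600; t += 200)                 /* then only ever queued */
        rx(&br, &f, hook_queue_a, t, learn_first);
    return fdb_lookup_port(&br, MAC_A, 700);               /* 0 = port 0, -1 = flooded */
}

/* Scenario 2, why learning was moved behind the hook: an attacker on port 1
 * forges MAC_A.  Returns the port the fdb holds for MAC_A after the hook
 * dropped the forgery. */
int scenario_spoofed_source(int learn_first)
{
    struct bridge br; memset(&br, 0, sizeof br);
    struct frame legit = mkframe(MAC_A, MAC_B, 0), forged = mkframe(MAC_A, MAC_B, 1);
    rx(&br, &legit, hook_antispoof, 0, learn_first);
    rx(&br, &forged, hook_antispoof, 1, learn_first);
    return fdb_lookup_port(&br, MAC_A, 2);                 /* 0 = still correct, 1 = poisoned */
}

int main(void)
{
    printf("queued to userspace: learn-first -> %d, hook-first -> %d\n",
           scenario_queued_to_userspace(1), scenario_queued_to_userspace(0));
    printf("spoofed source:      learn-first -> %d, hook-first -> %d\n",
           scenario_spoofed_source(1), scenario_spoofed_source(0));
    return 0;
}
```

Learn-first keeps the queued host's entry fresh (port 0) but lets the dropped forgery repoint MAC_A at port 1; hook-first rejects the forgery but lets the queued host's entry age out (-1, flooded), which is the "spewing out on the wrong interface" symptom. Neither ordering alone covers both cases, which is why the reply above suggests preserving the original source address across the hook rather than simply moving the learning step back.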