On Wednesday 2008-10-15 21:54, Pablo Neira Ayuso wrote:

>Jan Engelhardt wrote:
>> On Wednesday 2008-10-15 21:24, Pablo Neira Ayuso wrote:
>>
>>> This patch replaces NFPROTO_ARP by NF_ARP in the hooks registered
>>> by arptable_filter, otherwise the arptables tool does not work.
>>> Thus, we use NF_ARP to register ARP hooks to match the NF_HOOK
>>> invocation in net/ipv4/arp.c and NFPROTO_ARP for internal xtables
>>> handling, ie. matches, targets and tables.
>>
>> This does not fly. You are essentially trying to register
>> arpt_in_hook for NFPROTO_UNSPEC, since NF_ARP == 0, and
>> 0 == NFPROTO_UNSPEC.
>
>This flies like a Boeing(R) 777 buddy ;). As the NFPROTO_* thing is only
>internally used by xtables, not by the hooks. The hooks use the protocol
>family, and we've been using NF_ARP to 0 by now.
>
>> Define "does not work". Do you mean arptables sees no packets?
>
>arptables sees *no packet at all*.
>
>The ARP mangling does not work. Try:
>
>arptables -o eth0 -l 6 -I OUTPUT -j mangle --mangle-mac-s 00:15:58:28:5a:30
>
>and tcpdump the arp request.
>
>> Perhaps the following helps?
>
>Yes, your patch will also work, but it introduces an inconsistency in
>the naming used to register hooks in the family field.

No, not really. Netfilter hooks are supposed to register with
.pf = NFPROTO_FOO instead of .pf = PF_FOO because the nf_hooks list
itself is indexed by nfproto numbers, not PF numbers:

struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS] __read_mostly;

(The fact that there's still PF_ in the source is merely historical,
and as you see, PF_foo == NFPROTO_foo for that exact reason.)

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html