G H <uothrawn@xxxxxxxxx> wrote:
> On early versions of Linux, I could use ebtables to rewrite the ARP packet using the below command. This ensures that the switch would only see MAC address 00:50:56:96:12:5e, not aa:18:f0:55:79:1e.
>
> ebtables -t nat -I POSTROUTING --logical-out br0 --src aa:18:f0:55:79:1e \
>     -j snat --to-src 00:50:56:96:12:5e --snat-arp --snat-target ACCEPT
>
> I can get close to recreating this with nftables, but it is missing the functionality provided by the --snat-arp argument.
>
> table bridge filter {
>     chain POSTROUTING {
>         type filter hook postrouting priority 0; policy accept;
>         ether saddr aa:18:f0:55:79:1e ether saddr set 00:50:56:96:12:5e
>     }
> }
>
> My outgoing ARP packet has its source MAC address rewritten successfully, but the "is-at" still points to the original MAC address. How do I alter the outbound ARP response to set "is-at" to point to 00:50:56:96:12:5e?

No idea, but you might want to look at the "arp" payload expression.

Maybe:

arp operation reply arp daddr ether set ...
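
Added example, not part of the original thread and not ebtables or nftables code: a Python model of the frame layout behind the question. The "is-at" value in an ARP reply is the sender hardware address inside the ARP payload, a separate field from the Ethernet header source, and --snat-arp rewrites it as well when the ARP hardware address length is 6. The peer MAC and the 192.0.2.x addresses are constructed sample values; the function names are hypothetical.

```python
import struct

ETH_P_ARP = 0x0806
OLD, NEW = "aa:18:f0:55:79:1e", "00:50:56:96:12:5e"  # MACs from the post
PEER = "02:00:00:00:00:01"                             # constructed requester MAC

def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

# Constructed ARP reply (192.0.2.10 is-at OLD), Ethernet/IPv4, 42 bytes.
SAMPLE = (mac_bytes(PEER) + mac_bytes(OLD)
          + struct.pack("!HHHBBH", ETH_P_ARP, 1, 0x0800, 6, 4, 2)
          + mac_bytes(OLD) + bytes([192, 0, 2, 10])
          + mac_bytes(PEER) + bytes([192, 0, 2, 1]))

def parse_arp_frame(frame):
    """Split out the Ethernet source and the ARP hardware address fields."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    _htype, _ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETH_P_ARP or hlen != 6 or plen != 4:
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    sha, _spa, tha, _tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_src": mac_str(src), "oper": oper,
            "arp_sha": mac_str(sha), "arp_tha": mac_str(tha)}

def snat(frame, old, new, snat_arp):
    """Rewrite Ethernet source old->new; with snat_arp also the ARP sender hw addr."""
    out = bytearray(frame)
    if bytes(out[6:12]) != mac_bytes(old):
        return bytes(out)                      # rule does not match
    out[6:12] = mac_bytes(new)                 # Ethernet header source
    is_arp = len(out) >= 42 and struct.unpack("!H", out[12:14])[0] == ETH_P_ARP
    if snat_arp and is_arp and out[18] == 6:   # hardware address length is 6
        out[22:28] = mac_bytes(new)            # ARP sender hardware address
    return bytes(out)

def is_at_mismatch(frame):
    """True when the "is-at" MAC differs from the frame's Ethernet source."""
    f = parse_arp_frame(frame)
    return f["eth_src"] != f["arp_sha"]

if __name__ == "__main__":
    for flag in (False, True):
        f = parse_arp_frame(snat(SAMPLE, OLD, NEW, flag))
        print(f"snat_arp={flag}: eth_src={f['eth_src']} is-at={f['arp_sha']}")
```

The mismatch check is also what a switch or monitoring host would flag when only the Ethernet header has been rewritten.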