diff options
| author | Taehee Yoo <ap420073@gmail.com> | 2018-11-05 12:23:25 +0300 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-12-18 03:18:38 +0300 |
| commit | 06aa151ad1fc74a49b45336672515774a678d78d (patch) | |
| tree | d01a52c0745c152dd5ce354391de04461c830570 /Documentation/networking/nf_conntrack-sysctl.txt | |
| parent | 2a61d8b883bbad26b06d2e6cc3777a697e78830d (diff) | |
| download | linux-06aa151ad1fc74a49b45336672515774a678d78d.tar.xz | |
netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
If same destination IP address config is already existing, that config is
just used. MAC address also should be same.
However, there is no MAC address checking routine.
So that MAC address checking routine is added.
test commands:
%iptables -A INPUT -p tcp -i lo -d 192.168.0.5 --dport 80 \
-j CLUSTERIP --new --hashmode sourceip \
--clustermac 01:00:5e:00:00:20 --total-nodes 2 --local-node 1
%iptables -A INPUT -p tcp -i lo -d 192.168.0.5 --dport 80 \
-j CLUSTERIP --new --hashmode sourceip \
--clustermac 01:00:5e:00:00:21 --total-nodes 2 --local-node 1
After this patch, above commands are disallowed.
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation/networking/nf_conntrack-sysctl.txt')
0 files changed, 0 insertions, 0 deletions