Message ID | 1381134176-18168-1-git-send-email-gaofeng@cn.fujitsu.com |
---|---|
State | Not Applicable |
On Mon, Oct 07, 2013 at 04:22:56PM +0800, Gao feng wrote: > --h-length,--mangle-mac-s,--mangle-mac-d,--destination-mac > are not supported by arptables now,and the chain name is IN/OUT. I guess you're using jf's arptables version. The syntax is correct for mainstream version. I think it's worth to add a comment in the manpage, many people may be confused with this and believe that arptables is broken. > Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> > --- > extensions/libxt_cluster.man | 20 ++++++++++---------- > 1 file changed, 10 insertions(+), 10 deletions(-) > > diff --git a/extensions/libxt_cluster.man b/extensions/libxt_cluster.man > index 62ad71c..808a4d7 100644 > --- a/extensions/libxt_cluster.man > +++ b/extensions/libxt_cluster.man 
> @@ -41,19 +41,19 @@ ip maddr add 01:00:5e:00:01:01 dev eth1 > .IP > ip maddr add 01:00:5e:00:01:02 dev eth2 > .IP > -arptables \-A OUTPUT \-o eth1 \-\-h\-length 6 > -\-j mangle \-\-mangle-mac-s 01:00:5e:00:01:01 > +arptables \-A OUT \-o eth1 \-arhln 6 > +\-j mangle \-\-mangle-hw-s 01:00:5e:00:01:01 > .IP > -arptables \-A INPUT \-i eth1 \-\-h-length 6 > -\-\-destination-mac 01:00:5e:00:01:01 > -\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 > +arptables \-A IN \-i eth1 \-arhln 6 > +\-\-target-hw 01:00:5e:00:01:01 > +\-j mangle \-\-mangle\-hw\-d 00:zz:yy:xx:5a:27 > .IP > -arptables \-A OUTPUT \-o eth2 \-\-h\-length 6 > -\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02 > +arptables \-A OUT \-o eth2 \-arhln 6 > +\-j mangle \-\-mangle\-hw\-s 01:00:5e:00:01:02 > .IP > -arptables \-A INPUT \-i eth2 \-\-h\-length 6 > -\-\-destination\-mac 01:00:5e:00:01:02 > -\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 > +arptables \-A IN \-i eth2 \-arhln 6 > +\-\-target\-hw 01:00:5e:00:01:02 > +\-j mangle \-\-mangle\-hw\-d 00:zz:yy:xx:5a:27 > .PP > In the case of TCP connections, pickup facility has to be disabled > to avoid marking TCP ACK packets coming in the reply direction as > -- > 1.8.3.1 > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 10/07/2013 05:33 PM, Pablo Neira Ayuso wrote:
> On Mon, Oct 07, 2013 at 04:22:56PM +0800, Gao feng wrote:
>> --h-length,--mangle-mac-s,--mangle-mac-d,--destination-mac
>> are not supported by arptables now, and the chain name is IN/OUT.
>
> I guess you're using jf's arptables version. The syntax is correct for
> mainstream version.
>

Yes, it comes from arptables_jf-0.0.8-32.fc19.x86_64.

> I think it's worth to add a comment in the manpage, many people may be
> confused with this and believe that arptables is broken.
>

You can regard this patch as a notification. I'm glad to see your patch. :)
diff --git a/extensions/libxt_cluster.man b/extensions/libxt_cluster.man index 62ad71c..808a4d7 100644 --- a/extensions/libxt_cluster.man +++ b/extensions/libxt_cluster.man @@ -41,19 +41,19 @@ ip maddr add 01:00:5e:00:01:01 dev eth1 .IP ip maddr add 01:00:5e:00:01:02 dev eth2 .IP -arptables \-A OUTPUT \-o eth1 \-\-h\-length 6 -\-j mangle \-\-mangle-mac-s 01:00:5e:00:01:01 +arptables \-A OUT \-o eth1 \-arhln 6 +\-j mangle \-\-mangle-hw-s 01:00:5e:00:01:01 .IP -arptables \-A INPUT \-i eth1 \-\-h-length 6 -\-\-destination-mac 01:00:5e:00:01:01 -\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 +arptables \-A IN \-i eth1 \-arhln 6 +\-\-target-hw 01:00:5e:00:01:01 +\-j mangle \-\-mangle\-hw\-d 00:zz:yy:xx:5a:27 .IP -arptables \-A OUTPUT \-o eth2 \-\-h\-length 6 -\-j mangle \-\-mangle\-mac\-s 01:00:5e:00:01:02 +arptables \-A OUT \-o eth2 \-arhln 6 +\-j mangle \-\-mangle\-hw\-s 01:00:5e:00:01:02 .IP -arptables \-A INPUT \-i eth2 \-\-h\-length 6 -\-\-destination\-mac 01:00:5e:00:01:02 -\-j mangle \-\-mangle\-mac\-d 00:zz:yy:xx:5a:27 +arptables \-A IN \-i eth2 \-arhln 6 +\-\-target\-hw 01:00:5e:00:01:02 +\-j mangle \-\-mangle\-hw\-d 00:zz:yy:xx:5a:27 .PP In the case of TCP connections, pickup facility has to be disabled to avoid marking TCP ACK packets coming in the reply direction as
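Review bot: The four replaced arptables examples in this hunk (the `\-A OUTPUT` and `\-A INPUT` lines for eth1 and eth2) drop the existing syntax outright, while the reply in this thread states that syntax is correct for the mainstream arptables, so after this change the examples would only match arptables_jf. Suggest keeping the original examples and adding a short note that arptables_jf names the chains IN/OUT and uses `\-\-target\-hw`, `\-\-mangle\-hw\-s` and `\-\-mangle\-hw\-d` instead. Two style points on the added lines: `\-arhln 6` is written with a single dash where every other long option in the hunk is written with `\-\-`, so please confirm the intended spelling, and the hyphen escaping is inconsistent (`\-\-mangle-hw-s` and `\-\-target-hw` in the eth1 lines versus `\-\-mangle\-hw\-s` and `\-\-target\-hw` in the eth2 lines).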
--h-length,--mangle-mac-s,--mangle-mac-d,--destination-mac
are not supported by arptables now, and the chain name is IN/OUT.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 extensions/libxt_cluster.man | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)