netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set - linux-dev - Linux kernel development work

diff options

author	Taehee Yoo <ap420073@gmail.com>	2018-11-05 18:23:25 +0900
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-12-18 01:18:38 +0100
commit	06aa151ad1fc74a49b45336672515774a678d78d (patch)
tree	d01a52c0745c152dd5ce354391de04461c830570 /include
parent	netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put() (diff)
download	linux-dev-06aa151ad1fc74a49b45336672515774a678d78d.tar.xz linux-dev-06aa151ad1fc74a49b45336672515774a678d78d.zip

netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set

If same destination IP address config is already existing, that config is just used. MAC address also should be same. However, there is no MAC address checking routine. So that MAC address checking routine is added. test commands: %iptables -A INPUT -p tcp -i lo -d 192.168.0.5 --dport 80 \ -j CLUSTERIP --new --hashmode sourceip \ --clustermac 01:00:5e:00:00:20 --total-nodes 2 --local-node 1 %iptables -A INPUT -p tcp -i lo -d 192.168.0.5 --dport 80 \ -j CLUSTERIP --new --hashmode sourceip \ --clustermac 01:00:5e:00:00:21 --total-nodes 2 --local-node 1 After this patch, above commands are disallowed. Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: