I looked at the patch posted to l-k, linux-ha and lvs-users.
It didn't filter the arp reply from my second interface so I changed it.
This works for us.
>From root of kernel source tree: patch -p0 <linux.one.arp.patch
-- Ron
*** net/ipv4/arp.c.orig Thu Oct 14 08:20:42 1999
--- net/ipv4/arp.c Fri Oct 15 23:56:42 1999
***************
*** 65,70 ****
--- 65,74 ----
* clean up the APFDDI & gen. FDDI bits.
* Alexey Kuznetsov: new arp state machine;
* now it is in net/core/neighbour.c.
+ * Ron Rechenmacher: IP address belong to interfaces;
+ * I gained knowledge/insight by looking
+ * at Stephen D. WIlliams patch rollup
+ * posted to linux-ha, etc., Oct '99
*/
/* RFC1122 Status:
***************
*** 427,432 ****
--- 431,437 ----
struct sk_buff *skb;
struct arphdr *arp;
unsigned char *arp_ptr;
+ struct device *dev_real; /* The real device this ARP is for, if not dev */
/*
* No arp on this interface.
***************
*** 434,439 ****
--- 439,457 ----
if (dev->flags&IFF_NOARP)
return;
+
+ #define CONFIG_IPS_BELONG_TO_INTERFACES
+ #ifdef CONFIG_IPS_BELONG_TO_INTERFACES
+ printk( KERN_INFO "arp_send:Re%s src_ip: 0x%x, dest_ip: 0x%x\n"
+ , (type==ARPOP_REPLY)?"sponse":"quest", src_ip, dest_ip );
+
+ dev_real = ip_dev_find(src_ip);
+
+ if (type == ARPOP_REPLY && dev_real != NULL && dev_real != dev) {
+ printk( KERN_INFO "arp_send: (w/another device's address) filtering response\n" );
+ return; /* return if response from other interface */
+ }
+ #endif
/*
* Allocate a buffer
