On Tue, Dec 17, 2019 at 04:52:45PM +0800, wenxu@xxxxxxxxx wrote:
> From: wenxu <wenxu@xxxxxxxxx>
>
> Get the dst_neigh through dst_ip, The dst_ip should get
> through peer tuple.src_v4 fix for dnat case.

Please, revamp patch description:

netfilter: nf_flow_table_offload: fix incorrect ethernet dst address

Proposed description:

original: A -> FW
reply: B -> A

Traffic going in original direction uses address B as destination.
Traffic going in reply direction uses address A as destination.

I'd suggest a more simplified patch, attached.

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index 506aaaf8151d..8680fc56cd7c 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -156,14 +156,14 @@ static int flow_offload_eth_dst(struct net *net, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) { - const struct flow_offload_tuple *tuple = &flow->tuplehash[dir].tuple; + const struct flow_offload_tuple *tuple = &flow->tuplehash[!dir].tuple; struct flow_action_entry *entry0 = flow_action_entry_next(flow_rule); struct flow_action_entry *entry1 = flow_action_entry_next(flow_rule); struct neighbour *n; u32 mask, val; u16 val16; - n = dst_neigh_lookup(tuple->dst_cache, &tuple->dst_v4); + n = dst_neigh_lookup(tuple->dst_cache, &tuple->src_v4); if (!n) return -ENOENT;
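
Review bot: In flow_offload_eth_dst(), pointing `tuple` at `flow->tuplehash[!dir].tuple` changes both arguments of `dst_neigh_lookup(tuple->dst_cache, &tuple->src_v4)`, so the neighbour lookup now runs against the peer direction's `dst_cache` as well as the peer's source address. The description only argues for taking the address from the peer tuple. Please confirm that the peer's route is the one the lookup should use. If it is not, keep a pointer to `tuplehash[dir]` for `dst_cache` and take only `src_v4` from `tuplehash[!dir]`. A short comment above the declaration saying that the peer tuple's source is the real destination after DNAT would also help, since `!dir` quietly relies on `enum flow_offload_tuple_dir` having exactly two values.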