On Thu, Dec 19, 2019 at 11:18:16PM +0100, Pablo Neira Ayuso wrote:
> On Tue, Dec 17, 2019 at 04:52:45PM +0800, wenxu@xxxxxxxxx wrote:
> > From: wenxu <wenxu@xxxxxxxxx>
> >
> > Get the dst_neigh through dst_ip, The dst_ip should get
> > through peer tuple.src_v4 fix for dnat case.
>
> Please, revamp patch description:
>
> netfilter: nf_flow_table_offload: fix incorrect ethernet dst address
>
> Proposed description:
>
> original: A -> FW
> reply: B -> A

This part above is not correct, actually FW should be B instead.

> Traffic going in original direction uses address B as
> destination. Traffic going in reply direction uses address A
> as destination.

This should be instead:

Ethernet destination for original traffic takes the source ethernet
address in the reply direction. For reply traffic, this takes the
source ethernet address of the original direction.

Hope this helps to clarify.