Maybe the patch your suggestion is not correct?
On 12/20/2019 6:18 AM, Pablo Neira Ayuso wrote:
> diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
> index 506aaaf8151d..8680fc56cd7c 100644
> --- a/net/netfilter/nf_flow_table_offload.c
> +++ b/net/netfilter/nf_flow_table_offload.c
> @@ -156,14 +156,14 @@ static int flow_offload_eth_dst(struct net *net,
> enum flow_offload_tuple_dir dir,
> struct nf_flow_rule *flow_rule)
> {
> - const struct flow_offload_tuple *tuple = &flow->tuplehash[dir].tuple;
> + const struct flow_offload_tuple *tuple = &flow->tuplehash[!dir].tuple;
> struct flow_action_entry *entry0 = flow_action_entry_next(flow_rule);
> struct flow_action_entry *entry1 = flow_action_entry_next(flow_rule);
> struct neighbour *n;
> u32 mask, val;
> u16 val16;
>
> - n = dst_neigh_lookup(tuple->dst_cache, &tuple->dst_v4);
> + n = dst_neigh_lookup(tuple->dst_cache, &tuple->src_v4);
The dst_cache should be flow->tuplehash[dir].tuple.dst_cache but not peer dir's;
> if (!n)
> return -ENOENT;
>
>
