On Fri, Dec 20, 2019 at 11:53:38AM +0800, wenxu wrote:
> Maybe the patch your suggestion is not correct?
>
> On 12/20/2019 6:18 AM, Pablo Neira Ayuso wrote:
> > diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
> > index 506aaaf8151d..8680fc56cd7c 100644
> > --- a/net/netfilter/nf_flow_table_offload.c
> > +++ b/net/netfilter/nf_flow_table_offload.c
> > @@ -156,14 +156,14 @@ static int flow_offload_eth_dst(struct net *net,
>
> > enum flow_offload_tuple_dir dir,
> > struct nf_flow_rule *flow_rule)
> > {
> > - const struct flow_offload_tuple *tuple = &flow->tuplehash[dir].tuple;
> > + const struct flow_offload_tuple *tuple = &flow->tuplehash[!dir].tuple;
> > struct flow_action_entry *entry0 = flow_action_entry_next(flow_rule);
> > struct flow_action_entry *entry1 = flow_action_entry_next(flow_rule);
> > struct neighbour *n;
> > u32 mask, val;
> > u16 val16;
> >
> > - n = dst_neigh_lookup(tuple->dst_cache, &tuple->dst_v4);
> > + n = dst_neigh_lookup(tuple->dst_cache, &tuple->src_v4);
> The dst_cache should be flow->tuplehash[dir].tuple.dst_cache but not peer dir's;
Hm, I think this is like your patch, but without the two extra new lines
and new variable definitions.
