netfilter: nf_flow_table_offload: fix incorrect ethernet dst address

Ethernet destination for original traffic takes the source ethernet address
in the reply direction. For reply traffic, this takes the source
ethernet address of the original direction.

Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index 0d72e5c..ee9edbe 100644 (file)
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -166,14 +166,16 @@ static int flow_offload_eth_dst(struct net *net,
                                enum flow_offload_tuple_dir dir,
                                struct nf_flow_rule *flow_rule)
 {
-       const struct flow_offload_tuple *tuple = &flow->tuplehash[dir].tuple;
        struct flow_action_entry *entry0 = flow_action_entry_next(flow_rule);
        struct flow_action_entry *entry1 = flow_action_entry_next(flow_rule);
+       const void *daddr = &flow->tuplehash[!dir].tuple.src_v4;
+       const struct dst_entry *dst_cache;
        struct neighbour *n;
        u32 mask, val;
        u16 val16;
 
-       n = dst_neigh_lookup(tuple->dst_cache, &tuple->dst_v4);
+       dst_cache = flow->tuplehash[dir].tuple.dst_cache;
+       n = dst_neigh_lookup(dst_cache, daddr);
        if (!n)
                return -ENOENT;