diff options
| author |   wenxu <wenxu@ucloud.cn> | 2019-12-20 12:14:36 +0800 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2020-01-05 10:06:27 +0100 |
| commit | 1b67e50601fabc9589022e6b5e79fd8596c2338e (patch) | |
| tree | bf03fdf50b17f0c02ed985e763dd1fdc192984d2 /net/netfilter | |
| parent | netfilter: nft_flow_offload: fix underflow in flowtable reference counter (diff) | |
| download | linux-dev-1b67e50601fabc9589022e6b5e79fd8596c2338e.tar.xz linux-dev-1b67e50601fabc9589022e6b5e79fd8596c2338e.zip | |
netfilter: nf_flow_table_offload: fix incorrect ethernet dst address
Ethernet destination for original traffic takes the source ethernet address
in the reply direction. For reply traffic, this takes the source
ethernet address of the original direction.
Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_flow_table_offload.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index 0d72e5ccb47b..ee9edbe50d4f 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -166,14 +166,16 @@ static int flow_offload_eth_dst(struct net *net, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) { - const struct flow_offload_tuple *tuple = &flow->tuplehash[dir].tuple; struct flow_action_entry *entry0 = flow_action_entry_next(flow_rule); struct flow_action_entry *entry1 = flow_action_entry_next(flow_rule); + const void *daddr = &flow->tuplehash[!dir].tuple.src_v4; + const struct dst_entry *dst_cache; struct neighbour *n; u32 mask, val; u16 val16; - n = dst_neigh_lookup(tuple->dst_cache, &tuple->dst_v4); + dst_cache = flow->tuplehash[dir].tuple.dst_cache; + n = dst_neigh_lookup(dst_cache, daddr); if (!n) return -ENOENT; |