From patchwork Wed Jan 9 02:40:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wenxu X-Patchwork-Id: 1022277 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=ucloud.cn Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43ZCzF61kXz9s7h for ; Wed, 9 Jan 2019 13:40:25 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729376AbfAICkY (ORCPT ); Tue, 8 Jan 2019 21:40:24 -0500 Received: from m9783.mail.qiye.163.com ([220.181.97.83]:10654 "EHLO m9783.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727917AbfAICkY (ORCPT ); Tue, 8 Jan 2019 21:40:24 -0500 Received: from 10.19.61.167master (unknown [123.59.132.129]) by m9783.mail.qiye.163.com (Hmail) with ESMTPA id 19420C185A; Wed, 9 Jan 2019 10:40:21 +0800 (CST) From: wenxu@ucloud.cn To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH RESEND] nft_flow_offload: Fix the peer route get from wrong daddr Date: Wed, 9 Jan 2019 10:40:11 +0800 Message-Id: <1547001611-26793-1-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 X-HM-Spam-Status: e1kIGBQJHllBS1VLV1koWUFJQjdXWS1ZQUlXWQkOFx4IWUFZMjUtOjcyP0 FLVUtZBg++ X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6ORg6Kjo6TDlDSi0JHQgSSFY* SygaFDJVSlVKTk9MS0tKTUlKT0pIVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUpMSEw3Bg++ X-HM-Tid: 0a68307b6b5c2085kuqy19420c185a Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: wenxu For nat example: client 1.1.1.7 ---> 2.2.2.7 which dnat to 10.0.0.7 server When syn_rcv pkt from server it get the peer(client->server) route through daddr = ct->tuplehash[!dir].tuple.dst.u3.ip, the value 2.2.2.7 is not correct in this situation. it should be 10.0.0.7 ct->tuplehash[dir].tuple.src.u3.ip Signed-off-by: wenxu --- net/netfilter/nft_flow_offload.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 974525e..ccdb8f5 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -29,10 +29,10 @@ static int nft_flow_route(const struct nft_pktinfo *pkt, memset(&fl, 0, sizeof(fl)); switch (nft_pf(pkt)) { case NFPROTO_IPV4: - fl.u.ip4.daddr = ct->tuplehash[!dir].tuple.dst.u3.ip; + fl.u.ip4.daddr = ct->tuplehash[dir].tuple.src.u3.ip; break; case NFPROTO_IPV6: - fl.u.ip6.daddr = ct->tuplehash[!dir].tuple.dst.u3.in6; + fl.u.ip6.daddr = ct->tuplehash[dir].tuple.src.u3.in6; break; }