netfilter: nft_flow_offload: Fix reverse route lookup - kernel/linux.git

diff options

author	wenxu <wenxu@ucloud.cn>	2019-01-09 05:40:11 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-01-10 01:25:02 +0300
commit	a799aea0988ea0d1b1f263e996fdad2f6133c680 (patch)
tree	319c58a8050cf2421ef6b479df194b6705745004 /tools/perf/scripts/python/event_analyzing_sample.py
parent	715849ab31f8e57bbad84cc6c38912aeba6beb21 (diff)
download	linux-a799aea0988ea0d1b1f263e996fdad2f6133c680.tar.xz

netfilter: nft_flow_offload: Fix reverse route lookup

Using the following example: client 1.1.1.7 ---> 2.2.2.7 which dnat to 10.0.0.7 server The first reply packet (ie. syn+ack) uses an incorrect destination address for the reverse route lookup since it uses: daddr = ct->tuplehash[!dir].tuple.dst.u3.ip; which is 2.2.2.7 in the scenario that is described above, while this should be: daddr = ct->tuplehash[dir].tuple.src.u3.ip; that is 10.0.0.7. Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tools/perf/scripts/python/event_analyzing_sample.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: