From: Konstantin Vasin <tempest921@gmail.com>
Date: Mon, 9 Mar 2020 18:38:54 +0300
Subject: [PATCH] netfilter: nf_flow_table_hw: fix incorrect ethernet dst
 address

Ethernet destination for original traffic takes the source ethernet
address in the reply direction. For reply traffic, this takes
the source ethernet address of the original destination.

This fix is based on the upstream commit 1b67e506:
("netfilter: nf_flow_table_offload: fix incorrect ethernet dst address")
from wenxu <wenxu@ucloud.cn>

Signed-off-by: Konstantin Vasin <tempest921@gmail.com>
---

--- a/net/netfilter/nf_flow_table_hw.c
+++ b/net/netfilter/nf_flow_table_hw.c
@@ -24,17 +24,23 @@ struct flow_offload_hw {
 	struct flow_offload_hw_path dest;
 };
 
-static void flow_offload_check_ethernet(struct flow_offload_tuple *tuple,
+static void flow_offload_check_ethernet(struct flow_offload *flow,
+					enum flow_offload_tuple_dir dir,
 					struct flow_offload_hw_path *path)
 {
 	struct net_device *dev = path->dev;
 	struct neighbour *n;
+	const void *daddr;
+	const struct dst_entry *dst_cache;
 
 	if (dev->type != ARPHRD_ETHER)
 		return;
 
 	memcpy(path->eth_src, path->dev->dev_addr, ETH_ALEN);
-	n = dst_neigh_lookup(tuple->dst_cache, &tuple->src_v4);
+
+	daddr = &flow->tuplehash[dir].tuple.src_v4;
+	dst_cache = flow->tuplehash[!dir].tuple.dst_cache;
+	n = dst_neigh_lookup(dst_cache, daddr);
 	if (!n)
 		return;
 
@@ -44,17 +50,18 @@ static void flow_offload_check_ethernet(struct flow_offload_tuple *tuple,
 }
 
 static int flow_offload_check_path(struct net *net,
-				   struct flow_offload_tuple *tuple,
+				   struct flow_offload *flow,
+				   enum flow_offload_tuple_dir dir,
 				   struct flow_offload_hw_path *path)
 {
 	struct net_device *dev;
 
-	dev = dev_get_by_index_rcu(net, tuple->iifidx);
+	dev = dev_get_by_index_rcu(net, flow->tuplehash[dir].tuple.iifidx);
 	if (!dev)
 		return -ENOENT;
 
 	path->dev = dev;
-	flow_offload_check_ethernet(tuple, path);
+	flow_offload_check_ethernet(flow, dir, path);
 
 	if (dev->netdev_ops->ndo_flow_offload_check)
 		return dev->netdev_ops->ndo_flow_offload_check(path);
@@ -133,17 +140,14 @@ flow_offload_hw_prepare(struct net *net, struct flow_offload *flow)
 {
 	struct flow_offload_hw_path src = {};
 	struct flow_offload_hw_path dest = {};
-	struct flow_offload_tuple *tuple;
 	struct flow_offload_hw *offload = NULL;
 
 	rcu_read_lock_bh();
 
-	tuple = &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple;
-	if (flow_offload_check_path(net, tuple, &src))
+	if (flow_offload_check_path(net, flow, FLOW_OFFLOAD_DIR_ORIGINAL, &src))
 		goto out;
 
-	tuple = &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple;
-	if (flow_offload_check_path(net, tuple, &dest))
+	if (flow_offload_check_path(net, flow, FLOW_OFFLOAD_DIR_REPLY, &dest))
 		goto out;
 
 	if (!src.dev->netdev_ops->ndo_flow_offload)