netfilter: nf_flow_table: fix offloading connections with SNAT+DNAT

Pass all NAT types to the flow offload struct, otherwise parts of the
address/port pair do not get translated properly, causing connection
stalls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 0699981..eb0d165 100644 (file)
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -84,7 +84,7 @@ flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route)
 
        if (ct->status & IPS_SRC_NAT)
                flow->flags |= FLOW_OFFLOAD_SNAT;
-       else if (ct->status & IPS_DST_NAT)
+       if (ct->status & IPS_DST_NAT)
                flow->flags |= FLOW_OFFLOAD_DNAT;
 
        return flow;