netfilter: nf_flow_table: fix offloading connections with SNAT+DNAT

Pass all NAT types to the flow offload struct, otherwise parts of the
address/port pair do not get translated properly, causing connection
stalls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 0699981a8511560d36fa2db602b6289c07bda0b1..eb0d1658ac0559d8d74444ac3bb7714662cbe506 100644 (file)
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -84,7 +84,7 @@ flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route)
 
        if (ct->status & IPS_SRC_NAT)
                flow->flags |= FLOW_OFFLOAD_SNAT;
-       else if (ct->status & IPS_DST_NAT)
+       if (ct->status & IPS_DST_NAT)
                flow->flags |= FLOW_OFFLOAD_DNAT;
 
        return flow;