netfilter: nf_tables_offload: fix check the chain offload flag

In the nft_indr_block_cb the chain should check the flag with
NFT_CHAIN_HW_OFFLOAD.

Fixes: 9a32669fecfb ("netfilter: nf_tables_offload: support indr block call")
Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index a9ea29afb09ff10b52ac36eb5ee0a1ef8def069c..2bb28483af2253cdcda575b555f1d615cf1a1216 100644 (file)
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -564,7 +564,7 @@ static void nft_indr_block_cb(struct net_device *dev,
 
        mutex_lock(&net->nft.commit_mutex);
        chain = __nft_offload_get_chain(dev);
-       if (chain) {
+       if (chain && chain->flags & NFT_CHAIN_HW_OFFLOAD) {
                struct nft_base_chain *basechain;
 
                basechain = nft_base_chain(chain);