[NETFILTER]: Fix outgoing redirects to loopback

When redirecting an outgoing packet to loopback, it keeps the original
conntrack reference and information from the outgoing path, which
falsely triggers the check for DNAT on input and the dst_entry is
released to trigger rerouting. ip_route_input refuses to route the
packet because it has a local source address and it is dropped.

Look at the packet itself to dermine if it was NATed. Also fix a
missing inversion that causes unneccesary xfrm lookups.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/netfilter/ip_nat_standalone.c

@@ -200,20 +200,14 @@ ip_nat_in(unsigned int hooknum,
           const struct net_device *out,
           int (*okfn)(struct sk_buff *))
 {
-	struct ip_conntrack *ct;
-	enum ip_conntrack_info ctinfo;
 	unsigned int ret;
+	u_int32_t daddr = (*pskb)->nh.iph->daddr;
 
 	ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
 	if (ret != NF_DROP && ret != NF_STOLEN
-	    && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
-		enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-
-		if (ct->tuplehash[dir].tuple.dst.ip !=
-		    ct->tuplehash[!dir].tuple.src.ip) {
-			dst_release((*pskb)->dst);
-			(*pskb)->dst = NULL;
-		}
+	    && daddr != (*pskb)->nh.iph->daddr) {
+		dst_release((*pskb)->dst);
+		(*pskb)->dst = NULL;
 	}
 	return ret;
 }
@@ -276,7 +270,7 @@ ip_nat_local_fn(unsigned int hooknum,
 		    ct->tuplehash[!dir].tuple.src.ip
 #ifdef CONFIG_XFRM
 		    || ct->tuplehash[dir].tuple.dst.u.all !=
-		       ct->tuplehash[dir].tuple.src.u.all
+		       ct->tuplehash[!dir].tuple.src.u.all
 #endif
 		    )
 			return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;