ip: fix loopback input detection

In commit e5570d2 ("policy: add stateful dynamic source nat
support"), the assignment ip_output_mbuf_data(mbuf)->nh = nh was moved
earlier in the processing path. This assignment overwrites the mbuf
metadata that e points to, since eth_input_mbuf_data and
ip_output_mbuf_data share the same memory area.

As a result, accessing e->domain after this assignment reads garbage
data, causing incorrect routing decisions when checking whether a packet
should be sent to ip_output directly versus being forwarded.

Cache the domain value in a local variable before the mbuf metadata is
overwritten to ensure the correct routing decision is made.

Fixes: e5570d2 ("policy: add stateful dynamic source nat support")
Signed-off-by: Robin Jarry <rjarry@redhat.com>

Author: rjarry

modules/ip/datapath/ip_input.c

@@ -50,13 +50,15 @@ ip_input_process(struct rte_graph *graph, struct rte_node *node, void **objs, ui
 	const struct nexthop *nh;
 	struct rte_ipv4_hdr *ip;
 	struct rte_mbuf *mbuf;
+	eth_domain_t domain;
 	rte_edge_t edge;
 	uint16_t i;
 
 	for (i = 0; i < nb_objs; i++) {
 		mbuf = objs[i];
 		ip = rte_pktmbuf_mtod(mbuf, struct rte_ipv4_hdr *);
 		e = eth_input_mbuf_data(mbuf);
+		domain = e->domain;
 		iface = e->iface;
 		nh = NULL;
 
@@ -111,7 +113,7 @@ ip_input_process(struct rte_graph *graph, struct rte_node *node, void **objs, ui
 			goto next;
 		}
 
-		switch (e->domain) {
+		switch (domain) {
 		case ETH_DOMAIN_LOOPBACK:
 		case ETH_DOMAIN_LOCAL:
 			// Packet sent to our ethernet address.
@@ -143,7 +145,7 @@ ip_input_process(struct rte_graph *graph, struct rte_node *node, void **objs, ui
 
 		// If the resolved next hop is local and the destination IP is ourselves,
 		// send to ip_local.
-		if (e->domain == ETH_DOMAIN_LOOPBACK)
+		if (domain == ETH_DOMAIN_LOOPBACK)
 			edge = OUTPUT;
 		else if (nh->type == GR_NH_T_L3) {
 			l3 = nexthop_info_l3(nh);