Jeremy Sowden <jeremy@xxxxxxxxxx> wrote:
> ip6tables only sets the `IP6T_F_PROTO` flag on a rule if a protocol is
> specified (`-p tcp`, for example). However, if the flag is not set,
> `ip6_packet_match` doesn't call `ipv6_find_hdr` for the skb, in which
> case the fragment offset is left uninitialized and a garbage value is
> passed to each matcher.
Fixes: f7108a20dee44 ("netfilter: xtables: move extension arguments into compound structure (1/6)"
Reviewed-by: Florian Westphal <fw@xxxxxxxxx>
