On 2021-09-13, at 01:39:00 +0200, Florian Westphal wrote:
> Jeremy Sowden <jeremy@xxxxxxxxxx> wrote:
> > ip6tables only sets the `IP6T_F_PROTO` flag on a rule if a protocol
> > is specified (`-p tcp`, for example). However, if the flag is not
> > set, `ip6_packet_match` doesn't call `ipv6_find_hdr` for the skb, in
> > which case the fragment offset is left uninitialized and a garbage
> > value is passed to each matcher.
>
> Fixes: f7108a20dee44 ("netfilter: xtables: move extension arguments into compound structure (1/6)"
> Reviewed-by: Florian Westphal <fw@xxxxxxxxx>
Thanks, Florian.
J.
Attachment:
signature.asc
Description: PGP signature
