On Sun, Sep 12, 2021 at 10:24:33PM +0100, Jeremy Sowden wrote: > ip6tables only sets the `IP6T_F_PROTO` flag on a rule if a protocol is > specified (`-p tcp`, for example). However, if the flag is not set, > `ip6_packet_match` doesn't call `ipv6_find_hdr` for the skb, in which > case the fragment offset is left uninitialized and a garbage value is > passed to each matcher. Applied, thanks.
