On Sat, Jan 29, 2022 at 05:13:23PM +0100, Florian Westphal wrote: > Loads relative to ->thoff naturally expect that this points to the > transport header, but this is only true if pkt->fragoff == 0. > > This has little effect for rulesets with connection tracking/nat because > these enable ip defra. For other rulesets this prevents false matches. Also applied
