[PATCH libnetfilter_queue] src: Fix IPv6 Fragment Header processing

2 items:
 1. frag_off (Fragment Offset pointer) overshot by 2 bytes because of adding
    offsetof() to it *after* it had been cast to uint16_t *.
 2. Need to mask off LS 3 bits of ip6f_offlg *after* call to htons.

Fixes: a0c885ae5a79 ("add pkt_buff and protocol helper functions")
Signed-off-by: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
---
 src/extra/ipv6.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
index 69d86a8..fd8ebc4 100644
--- a/src/extra/ipv6.c
+++ b/src/extra/ipv6.c
@@ -113,11 +113,11 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
 				break;
 			}
 
-			frag_off = (uint16_t *)cur +
-					offsetof(struct ip6_frag, ip6f_offlg);
+			frag_off = (uint16_t *)(cur +
+					offsetof(struct ip6_frag, ip6f_offlg));
 
 			/* Fragment offset is only 13 bits long. */
-			if (htons(*frag_off & ~0x7)) {
+			if (htons(*frag_off) & ~0x7) {
 				/* Not the first fragment, it does not contain
 				 * any headers.
 				 */
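Review bot: in the changed test `if (htons(*frag_off) & ~0x7)`, the field is read from the packet in network byte order, so the conversion should be spelled ntohs() rather than htons(). The two produce the same value, but ntohs states the direction actually being converted; alternatively the swap can be dropped by testing the raw field against IP6F_OFF_MASK from <netinet/ip6.h>, which is defined in network byte order. Separately, the corrected assignment still reads the field through a `uint16_t *` derived from byte arithmetic on `cur`. The visible lines do not show whether `cur` is 2-byte aligned at this point or whether a full `struct ip6_frag` has been checked to lie inside the packet before the dereference, so it is worth confirming both, or copying the two bytes out with memcpy() before testing them.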
-- 
2.35.8



