authorFelix Fietkau2024-10-18 06:00:20 +0000
committerFelix Fietkau2024-10-18 06:00:26 +0000
commit1aef9791a21e3d15d4357060f09a7bb9ed3d6e4e (patch)
treea6612c6c674bbfdd82a75d3590cfd57c939da88e
parentbf1d5fdf623473419f8f738fc9071fee84cb13e5 (diff)
downloadfirewall3-1aef9791a21e3d15d4357060f09a7bb9ed3d6e4e.tar.gz
defaults.c: fix ipv6 flow offloading
The xt_FLOWOFFLOAD target expects that par->thoff points to the beginning of the TCP header. For IPv4 that is always the case. However, on IPv6, the field is only initialized if a protocol match was performed. Simply matching any protocol (protocol = 0) is enough to trigger the thoff initialization, so add it to the emitted rule.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
-rw-r--r--defaults.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/defaults.c b/defaults.c
index 8a9a929..66fbc96 100644
--- a/defaults.c
+++ b/defaults.c
@@ -251,7 +251,10 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
if (defs->flow_offloading)
{
+ struct fw3_protocol any = {};
+
r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_proto(r, &any);
fw3_ipt_rule_comment(r, "Traffic offloading");
fw3_ipt_rule_extra(r, "-m conntrack --ctstate RELATED,ESTABLISHED");
fw3_ipt_rule_target(r, "FLOWOFFLOAD");
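Review bot: The added `fw3_ipt_rule_proto(r, &any);` reads as a redundant match-everything call to anyone who sees defaults.c without the commit message, so it needs a comment at the call site. Without one, a later cleanup could drop it and the FLOWOFFLOAD target would again run with an uninitialized `par->thoff` on IPv6. A line such as `/* match any protocol so par->thoff is initialized on IPv6 (xt_FLOWOFFLOAD reads it) */` above the call would do. Separately, `struct fw3_protocol any = {};` relies on the empty-initializer extension, which is standard only from C23; `= {0}` is the portable spelling. The enclosing function fw3_print_default_head_rules starts and ends outside this hunk.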