From 1aef9791a21e3d15d4357060f09a7bb9ed3d6e4e Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Fri, 18 Oct 2024 08:00:20 +0200
Subject: [PATCH] defaults.c: fix ipv6 flow offloading

The xt_FLOWOFFLOAD target expects that par->thoff points to the beginning
of the TCP header. For IPv4 that is always the case. However, on IPv6, the
field is only initialized, if a protocol match was performed.
Simply matching any protocol (protocol = 0) is enough to trigger the thoff
initialization, so add it to the emitted rule.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 defaults.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/defaults.c b/defaults.c
index 8a9a929..66fbc96 100644
--- a/defaults.c
+++ b/defaults.c
@@ -251,7 +251,10 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 
 		if (defs->flow_offloading)
 		{
+			struct fw3_protocol any = {};
+
 			r = fw3_ipt_rule_new(handle);
+			fw3_ipt_rule_proto(r, &any);
 			fw3_ipt_rule_comment(r, "Traffic offloading");
 			fw3_ipt_rule_extra(r, "-m conntrack --ctstate RELATED,ESTABLISHED");
 			fw3_ipt_rule_target(r, "FLOWOFFLOAD");
-- 
2.30.2