From e3c2e7ef64f9ca378380112d82977a73536c215c Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 24 Oct 2006 16:14:04 -0700
Subject: [PATCH] --- yaml --- r: 40261 b: refs/heads/master c:
 51d8b1a65291a6956b79374b6adbbadc2263bcf6 h: refs/heads/master i:   40259:
 9232015ddbd8656e501019587f18e417789d7b65 v: v3

---
 [refs]                                |  2 +-
 trunk/net/ipv6/netfilter/ip6_tables.c | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/[refs] b/[refs]
index c12ad2c110f6..110193056b6b 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 2fab22f2d3290ff7c602fe62f22e825c48e97a06
+refs/heads/master: 51d8b1a65291a6956b79374b6adbbadc2263bcf6
diff --git a/trunk/net/ipv6/netfilter/ip6_tables.c b/trunk/net/ipv6/netfilter/ip6_tables.c
index 4ab368fa0b8f..f0328c7bc1c9 100644
--- a/trunk/net/ipv6/netfilter/ip6_tables.c
+++ b/trunk/net/ipv6/netfilter/ip6_tables.c
@@ -111,7 +111,7 @@ ip6_packet_match(const struct sk_buff *skb,
 		 const char *outdev,
 		 const struct ip6t_ip6 *ip6info,
 		 unsigned int *protoff,
-		 int *fragoff)
+		 int *fragoff, int *hotdrop)
 {
 	size_t i;
 	unsigned long ret;
@@ -169,9 +169,11 @@ ip6_packet_match(const struct sk_buff *skb,
 		unsigned short _frag_off;
 
 		protohdr = ipv6_find_hdr(skb, protoff, -1, &_frag_off);
-		if (protohdr < 0)
+		if (protohdr < 0) {
+			if (_frag_off == 0)
+				*hotdrop = 1;
 			return 0;
-
+		}
 		*fragoff = _frag_off;
 
 		dprintf("Packet protocol %hi ?= %s%hi.\n",
@@ -290,7 +292,7 @@ ip6t_do_table(struct sk_buff **pskb,
 		IP_NF_ASSERT(e);
 		IP_NF_ASSERT(back);
 		if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6,
-			&protoff, &offset)) {
+			&protoff, &offset, &hotdrop)) {
 			struct ip6t_entry_target *t;
 
 			if (IP6T_MATCH_ITERATE(e, do_match,