From 37057feb80bf6ab5c3a120a023a3ad6eeaa5ffec Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 13 Jan 2026 08:42:36 +0100 Subject: [PATCH] BUG/MINOR: net_helper: fix IPv6 header length processing The IPv6 header contains a payload length that excludes the 40 bytes of IPv6 packet header, which differs from IPv4's total length which includes it. As a result, the parser was wrong and would only see the IP part and not the TCP one unless sufficient options were present tocover it. This issue came in 3.4-dev2 with recent commit e88e03a6e4 ("MINOR: net_helper: add ip.fp() to build a simplified fingerprint of a SYN"), so no backport is needed. --- src/net_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/net_helper.c b/src/net_helper.c index 19cea3a6d..c2cbde5a6 100644 --- a/src/net_helper.c +++ b/src/net_helper.c @@ -706,7 +706,7 @@ static int sample_conv_ip_fp(const struct arg *arg_p, struct sample *smp, void * if (smp->data.u.str.data < 40) return 0; - pktlen = read_n16(smp->data.u.str.area + 4); + pktlen = 40 + read_n16(smp->data.u.str.area + 4); // extension/next proto => ext present if !tcp && !udp ipext = smp->data.u.str.area[6]; ipext = ipext != 6 && ipext != 17;