diff --git a/doc/changelog.txt b/doc/changelog.txt
index 2839dee..5b958c9 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -3,6 +3,8 @@
 - fuzzy: need to account for kernel-level modified variables in .userspacesize
 - geoip: remove XT_ALIGN from .userspacesize when used with offsetof
 - SYSRQ: ignore non-UDP packets
+- SYSRQ: do proper L4 header access in IPv6 code
+  (must not use tcp/udp_hdr in input path)
 - add "STEAL" target
 - dhcpmac: rename from dhcpaddr
 
diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c
index dc310ee..2e0e6be 100644
--- a/extensions/xt_SYSRQ.c
+++ b/extensions/xt_SYSRQ.c
@@ -203,7 +203,7 @@ sysrq_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
 	if (iph->protocol != IPPROTO_UDP)
 		return NF_ACCEPT; /* sink it */
 
-	udph = (void *)iph + ip_hdrlen(skb);
+	udph = (const void *)iph + ip_hdrlen(skb);
 	len  = ntohs(udph->len) - sizeof(struct udphdr);
 
 	if (sysrq_debug)
@@ -232,7 +232,7 @@ sysrq_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
 	    frag_off > 0)
 		return NF_ACCEPT; /* sink it */
 
-	udph = udp_hdr(skb);
+	udph = (const void *)iph + th_off;
 	len  = ntohs(udph->len) - sizeof(struct udphdr);
 
 	if (sysrq_debug)