[PATCH 19.07] libnetfilter_queue: Fix test for IPv6 header

[Etan Kissling]

This integrates an existing fix from the upstream project.

Signed-off-by: Etan Kissling <etan_kissling at apple.com>
---
 .../200-src-Fix-test-for-IPv6-header.patch    | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 package/libs/libnetfilter-queue/patches/200-src-Fix-test-for-IPv6-header.patch

diff --git a/package/libs/libnetfilter-queue/patches/200-src-Fix-test-for-IPv6-header.patch b/package/libs/libnetfilter-queue/patches/200-src-Fix-test-for-IPv6-header.patch
new file mode 100644
index 0000000000..6e889fbdcd
--- /dev/null
+++ b/package/libs/libnetfilter-queue/patches/200-src-Fix-test-for-IPv6-header.patch
@@ -0,0 +1,34 @@
+From 12c57417585e9ddafd52135cb770823cdb8d44a1 Mon Sep 17 00:00:00 2001
+From: Duncan Roe <duncan_roe at optusnet.com.au>
+Date: Sun, 24 Nov 2019 13:33:10 +1100
+Subject: [PATCH] src: Fix test for IPv6 header
+
+Updated:
+
+ src/extra/ipv6.c: Only test the first 4 bits of the putative IPv6 header to be
+                   6, since all the other bits are up for grabs.
+                   (I have seen nonzero Flow Control on the local interface and
+                   RFC2474 & RFC3168 document Traffic Class use).
+
+Signed-off-by: Duncan Roe <duncan_roe at optusnet.com.au>
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+---
+ src/extra/ipv6.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
+index af307d6..f685b3b 100644
+--- a/src/extra/ipv6.c
++++ b/src/extra/ipv6.c
+@@ -45,7 +45,7 @@ struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb)
+ 	ip6h = (struct ip6_hdr *)pktb->network_header;
+ 
+ 	/* Not IPv6 packet. */
+-	if (ip6h->ip6_flow != 0x60)
++	if ((*(uint8_t *)ip6h & 0xf0) != 0x60)
+ 		return NULL;
+ 
+ 	return ip6h;
+-- 
+2.21.1 (Apple Git-122.3)
+
-- 
2.21.1 (Apple Git-122.3)