| From a979bfe773f10601ed685c16813dd583d5c10d48 Mon Sep 17 00:00:00 2001 |
| From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> |
| Date: Tue, 10 May 2011 10:00:21 +0200 |
| Subject: [PATCH] netfilter: IPv6: fix DSCP mangle code |
| |
| commit 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 upstream. |
| |
| The mask indicates the bits one wants to zero out, so it needs to be |
| inverted before applying to the original TOS field. |
| |
| Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| --- |
| net/netfilter/xt_DSCP.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c |
| index 74ce892..5ec6374 100644 |
| --- a/net/netfilter/xt_DSCP.c |
| +++ b/net/netfilter/xt_DSCP.c |
| @@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_target_param *par) |
| u_int8_t orig, nv; |
| |
| orig = ipv6_get_dsfield(iph); |
| - nv = (orig & info->tos_mask) ^ info->tos_value; |
| + nv = (orig & ~info->tos_mask) ^ info->tos_value; |
| |
| if (orig != nv) { |
| if (!skb_make_writable(skb, sizeof(struct iphdr))) |
| -- |
| 1.7.9.3 |
| |
