summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>2011-05-10 12:00:21 +0400
committerPablo Neira Ayuso <pablo@netfilter.org>2011-05-10 12:00:21 +0400
commit1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 (patch)
treed1a42f9069ef44c5d84157192ff3b2222ab830ab
parent4319cc0cf5bb894b7368008cdf6dd20eb8868018 (diff)
downloadlinux-1ed2f73d90fb49bcf5704aee7e9084adb882bfc5.tar.xz
netfilter: IPv6: fix DSCP mangle code
The mask indicates the bits one wants to zero out, so it needs to be inverted before applying to the original TOS field. Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/xt_DSCP.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index 0a229191e55b..ae8271652efa 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_action_param *par)
u_int8_t orig, nv;
orig = ipv6_get_dsfield(iph);
- nv = (orig & info->tos_mask) ^ info->tos_value;
+ nv = (orig & ~info->tos_mask) ^ info->tos_value;
if (orig != nv) {
if (!skb_make_writable(skb, sizeof(struct iphdr)))