netfilter: IPv6: fix DSCP mangle code

commit 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 upstream. The mask indicates the bits one wants to zero out, so it needs to be inverted before applying to the original TOS field. Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> 2011-05-10 10:00:21 +0200
committer: Greg Kroah-Hartman <gregkh@suse.de> 2011-06-23 15:28:42 -0700
commit: 3f6c2552619fd19afabfc76c48fe4a3d3cf93d0a (patch)
tree: bd17880a90c6b16c5efe37bb4af69542a6478c38
parent: fd1aa48ee98eb70abeb51f8bbe1700393980f05b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index 74ce89260056..5ec637458439 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_target_param *par)
 	u_int8_t orig, nv;
 
 	orig = ipv6_get_dsfield(iph);
-	nv   = (orig & info->tos_mask) ^ info->tos_value;
+	nv   = (orig & ~info->tos_mask) ^ info->tos_value;
 
 	if (orig != nv) {
 		if (!skb_make_writable(skb, sizeof(struct iphdr)))
author	Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>	2011-05-10 10:00:21 +0200
committer	Greg Kroah-Hartman <gregkh@suse.de>	2011-06-23 15:28:42 -0700
commit	3f6c2552619fd19afabfc76c48fe4a3d3cf93d0a (patch)
tree	bd17880a90c6b16c5efe37bb4af69542a6478c38
parent	fd1aa48ee98eb70abeb51f8bbe1700393980f05b (diff)