netfilter: IPv6: fix DSCP mangle code

commit 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 upstream. The mask indicates the bits one wants to zero out, so it needs to be inverted before applying to the original TOS field. Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andi Kleen <ak@linux.intel.com>
author: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> 2011-05-10 10:00:21 +0200
committer: Andi Kleen <ak@linux.intel.com> 2011-08-01 13:54:56 -0700
commit: 68b05c3c9f020650fbb69984eefe780bfec80a69 (patch)
tree: 1f3c5002ced75ce9f3781751c309bcc35f7a9eaa /net
parent: 5ee8f122be3b022ebbfa365c124d541dab5bebbd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index 0a229191e55b..ae8271652efa 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 	u_int8_t orig, nv;
 
 	orig = ipv6_get_dsfield(iph);
-	nv   = (orig & info->tos_mask) ^ info->tos_value;
+	nv   = (orig & ~info->tos_mask) ^ info->tos_value;
 
 	if (orig != nv) {
 		if (!skb_make_writable(skb, sizeof(struct iphdr)))
author	Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>	2011-05-10 10:00:21 +0200
committer	Andi Kleen <ak@linux.intel.com>	2011-08-01 13:54:56 -0700
commit	68b05c3c9f020650fbb69984eefe780bfec80a69 (patch)
tree	1f3c5002ced75ce9f3781751c309bcc35f7a9eaa /net
parent	5ee8f122be3b022ebbfa365c124d541dab5bebbd (diff)