diff options
author | Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> | 2011-05-10 10:00:21 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-05-10 10:00:21 +0200 |
commit | 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 (patch) | |
tree | d1a42f9069ef44c5d84157192ff3b2222ab830ab /net | |
parent | 4319cc0cf5bb894b7368008cdf6dd20eb8868018 (diff) |
netfilter: IPv6: fix DSCP mangle code
The mask indicates the bits one wants to zero out, so it needs to be
inverted before applying to the original TOS field.
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/xt_DSCP.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index 0a229191e55b..ae8271652efa 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c @@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_action_param *par) u_int8_t orig, nv; orig = ipv6_get_dsfield(iph); - nv = (orig & info->tos_mask) ^ info->tos_value; + nv = (orig & ~info->tos_mask) ^ info->tos_value; if (orig != nv) { if (!skb_make_writable(skb, sizeof(struct iphdr))) |