netfilter: IPv6: fix DSCP mangle code

The mask indicates the bits one wants to zero out, so it needs to be
inverted before applying to the original TOS field.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Fernando Luis Vazquez Cao 2011-05-10 10:00:21 +02:00 committed by Pablo Neira Ayuso
parent 4319cc0cf5
commit 1ed2f73d90

View file

@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_action_param *par)
u_int8_t orig, nv;
orig = ipv6_get_dsfield(iph);
nv = (orig & info->tos_mask) ^ info->tos_value;
nv = (orig & ~info->tos_mask) ^ info->tos_value;
if (orig != nv) {
if (!skb_make_writable(skb, sizeof(struct iphdr)))