netfilter: IPv6: fix DSCP mangle code
The mask indicates the bits one wants to zero out, so it needs to be inverted before applying to the original TOS field. Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
4319cc0cf5
commit
1ed2f73d90
1 changed files with 1 additions and 1 deletions
|
@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_action_param *par)
|
|||
u_int8_t orig, nv;
|
||||
|
||||
orig = ipv6_get_dsfield(iph);
|
||||
nv = (orig & info->tos_mask) ^ info->tos_value;
|
||||
nv = (orig & ~info->tos_mask) ^ info->tos_value;
|
||||
|
||||
if (orig != nv) {
|
||||
if (!skb_make_writable(skb, sizeof(struct iphdr)))
|
||||
|
|
Loading…
Reference in a new issue