[84/85] netfilter: IPv6: fix DSCP mangle code

From: Greg KH
Date: Thu Jun 16 2011 - 03:12:28 EST

2.6.33-longterm review patch. If anyone has any objections, please let us know.


From: Fernando Luis Vazquez Cao <fernando@xxxxxxxxxxxxx>

commit 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 upstream.

The mask indicates the bits one wants to zero out, so it needs to be
inverted before applying to the original TOS field.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@xxxxxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

net/netfilter/xt_DSCP.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struc
u_int8_t orig, nv;

orig = ipv6_get_dsfield(iph);
- nv = (orig & info->tos_mask) ^ info->tos_value;
+ nv = (orig & ~info->tos_mask) ^ info->tos_value;

if (orig != nv) {
if (!skb_make_writable(skb, sizeof(struct iphdr)))

