From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Date: Tue, 10 May 2011 08:00:21 +0000 (+0200)
Subject: netfilter: IPv6: fix DSCP mangle code
X-Git-Tag: Ubuntu-5.10.0-12.13~24506^2^2~1
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=1ed2f73d90fb49bcf5704aee7e9084adb882bfc5;p=mirror_ubuntu-hirsute-kernel.git

netfilter: IPv6: fix DSCP mangle code

The mask indicates the bits one wants to zero out, so it needs to be
inverted before applying to the original TOS field.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index 0a229191e55b..ae8271652efa 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 	u_int8_t orig, nv;
 
 	orig = ipv6_get_dsfield(iph);
-	nv   = (orig & info->tos_mask) ^ info->tos_value;
+	nv   = (orig & ~info->tos_mask) ^ info->tos_value;
 
 	if (orig != nv) {
 		if (!skb_make_writable(skb, sizeof(struct iphdr)))