From: Fernando Luis Vazquez Cao <fernando@xxxxxxxxxxxxx> The mask indicates the bits one wants to zero out, so it needs to be inverted before applying to the original TOS field. The following Linux kernels are affected: <= 2.6.38.8 Cc: stable@xxxxxxxxxx Signed-off-by: Fernando Luis Vazquez Cao <fernando@xxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> (cherry picked from commit 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5) --- net/netfilter/xt_DSCP.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index 0a22919..ae82716 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c @@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struct xt_action_param *par) u_int8_t orig, nv; orig = ipv6_get_dsfield(iph); - nv = (orig & info->tos_mask) ^ info->tos_value; + nv = (orig & ~info->tos_mask) ^ info->tos_value; if (orig != nv) { if (!skb_make_writable(skb, sizeof(struct iphdr))) -- 1.7.2.5
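Review bot: the log says only "the original TOS field", while the single changed line sits in tos_tg6(), the path that reads the field with ipv6_get_dsfield(); the commit message should name the IPv6 target so stable maintainers can tell which rules computed a wrong value. A one-line comment above `nv = (orig & ~info->tos_mask) ^ info->tos_value;` stating that tos_mask holds the bits to clear would keep the inversion from being dropped again. Separately, the unchanged context line `if (!skb_make_writable(skb, sizeof(struct iphdr)))` uses the IPv4 header size in this IPv6 function; sizeof(struct ipv6hdr) would match the header being rewritten, and that is best handled as its own patch.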