netfilter/IPv6: fix DSCP mangle code

Submitter	Fernando Luis Vázquez Cao
Date	April 22, 2011, 7:02 a.m.
Message ID	<1303455759.2023.39.camel@nausicaa>
Download	mbox \| patch
Permalink	/patch/92504/
State	Not Applicable
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Subject: [PATCH] netfilter/IPv6: fix DSCP mangle code From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> To: netdev@vger.kernel.org Cc: davem@davemloft.net, yoshfuji@linux-ipv6.org, jengelh@medozas.de Content-Type: text/plain; charset="UTF-8" Organization: =?iso-2022-jp?Q?NTT=1B$B%*!=3C%W%s%=3D!=3C%9=1B=28B?= =?iso-2022-jp?Q?=1B$B%=3D%U%H%&%'%=22%=3B%s=1B=28B?= =?iso-2022-jp?Q?=1B$B%=3F=1B=28B?= Date: Fri, 22 Apr 2011 16:02:39 +0900 Message-ID: <1303455759.2023.39.camel@nausicaa> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Comments

Fernando Luis Vázquez Cao - April 22, 2011, 7:02 a.m.

The mask indicates the bits one wants to zero out, so it needs to be
inverted before applying to the original TOS field.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
---



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Fernando Luis Vázquez Cao - April 22, 2011, 7:29 a.m.

On Fri, 2011-04-22 at 00:08 -0700, David Miller wrote:
> From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
> Date: Fri, 22 Apr 2011 16:02:39 +0900
> 
> > The mask indicates the bits one wants to zero out, so it needs to be
> > inverted before applying to the original TOS field.
> > 
> > Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
> > ---
> 
> Netfilter patches should be sent to the netfilter developer
> list, CC:'d

Thank you for the heads-up, David.

By the way, I have just sent one more patch that fixes what I think is
another netfilter bug. If everyone is ok with these two patches it would
be great if we could get them merged for the next -rc release (we hit
these bugs in our production systems).

Regards,
Fernando

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff -urNp linux-2.6.37-orig/net/netfilter/xt_DSCP.c linux-2.6.37/net/netfilter/xt_DSCP.c
--- linux-2.6.37-orig/net/netfilter/xt_DSCP.c	2011-01-05 09:50:19.000000000 +0900
+++ linux-2.6.37/net/netfilter/xt_DSCP.c	2011-04-21 16:01:25.801890733 +0900
@@ -99,7 +99,7 @@  tos_tg6(struct sk_buff *skb, const struc
 	u_int8_t orig, nv;
 
 	orig = ipv6_get_dsfield(iph);
-	nv   = (orig & info->tos_mask) ^ info->tos_value;
+	nv   = (orig & ~info->tos_mask) ^ info->tos_value;
 
 	if (orig != nv) {
 		if (!skb_make_writable(skb, sizeof(struct iphdr)))

Patchwork netfilter/IPv6: fix DSCP mangle code

Comments

Patch