From: Jan Engelhardt Date: 2012-10-09 02:46:29.418099680 +0200 Upstream: never glibc before version 2.13 has a bug in netinet/ip.h: #define IPTOS_CLASS(class) ((tos) & IPTOS_CLASS_MASK) Namely, it does not use "class", but "tos". And þe olde RHEL 6 even ships that... bleh. --- src/extra/ipv4.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: libnetfilter_queue-1.0.2/src/extra/ipv4.c =================================================================== --- libnetfilter_queue-1.0.2.orig/src/extra/ipv4.c +++ libnetfilter_queue-1.0.2/src/extra/ipv4.c @@ -133,12 +133,13 @@ int nfq_ip_snprintf(char *buf, size_t si int ret; struct in_addr src = { iph->saddr }; struct in_addr dst = { iph->daddr }; + unsigned int tos = iph->tos; ret = snprintf(buf, size, "SRC=%s DST=%s LEN=%u TOS=0x%X " "PREC=0x%X TTL=%u ID=%u PROTO=%u ", inet_ntoa(src), inet_ntoa(dst), ntohs(iph->tot_len), IPTOS_TOS(iph->tos), - IPTOS_PREC(iph->tos), iph->ttl, ntohs(iph->id), + IPTOS_PREC(tos), iph->ttl, ntohs(iph->id), iph->protocol); return ret;