A zero value is logged instead of the TOS IP header field. It is caused by the use of the ntohs() function on the __u8 type of the tos field of struct iphdr, so the real value is lost on little-endian architectures. Here is a patch to fix it: diff -rc ulogd-1.02/extensions/ulogd_BASE.c ulogd-1.02-tosfix/extensions/ulogd_BASE.c *** ulogd-1.02/extensions/ulogd_BASE.c 2003-08-23 19:46:45.000000000 +0200 --- ulogd-1.02-tosfix/extensions/ulogd_BASE.c 2005-10-19 18:32:04.000000000 +0200 *************** *** 173,179 **** ret[1].flags |= ULOGD_RETF_VALID; ret[2].value.ui8 = iph->protocol; ret[2].flags |= ULOGD_RETF_VALID; ! ret[3].value.ui8 = ntohs(iph->tos); ret[3].flags |= ULOGD_RETF_VALID; ret[4].value.ui8 = iph->ttl; ret[4].flags |= ULOGD_RETF_VALID; --- 173,179 ---- ret[1].flags |= ULOGD_RETF_VALID; ret[2].value.ui8 = iph->protocol; ret[2].flags |= ULOGD_RETF_VALID; ! ret[3].value.ui8 = iph->tos; ret[3].flags |= ULOGD_RETF_VALID; ret[4].value.ui8 = iph->ttl; ret[4].flags |= ULOGD_RETF_VALID;
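Review bot: The changed ret[3] line has no comment or changelog text recording why the conversion had to go, so the same mistake can easily be reintroduced or left standing on other fields. ntohs() widens the one-byte tos to 16 bits and swaps the bytes on little-endian hosts, which puts the value in the upper byte; storing the result in value.ui8 then keeps only the lower byte, which is zero. On big-endian hosts ntohs() is a no-op, so the bug never showed there. The new assignment matches the neighbouring ret[2] (protocol) and ret[4] (ttl) lines, which already copy their single-byte fields without conversion. Suggest a one-line note to that effect in the commit message, and a pass over the rest of ulogd_BASE.c for any other ntohs()/ntohl() call whose result is stored in a ui8 value.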
Re-assign.
Thanks for the patch, but we need it in unified diff format (diff -ur).