functions.m4: Correctly clear `to' network field in packet mark.

[firewall] / functions.m4

diff --git a/functions.m4 b/functions.m4
index d7b42b2..f75d16e 100644 (file)
--- a/functions.m4
+++ b/functions.m4
@@ -427,9 +427,9 @@ defnetclass () {
        from=$(( $from + $bit ))
       done
       to=$(( ($netclassindex << $BIT_TO) ))
-      tomask=$(( $MASK_MASK ^ (1 << ($netclassindex + $BIT_MASK)) ))
+      tomask=$(( $MASK_TO | $MASK_MASK ^ (1 << ($netclassindex + $BIT_MASK)) ))
       trace "from $name --> set $(printf %08x/%08x $from $frommask)"
-      trace "  to $name --> and $(printf %08x/%08x $to $tomask)"
+      trace "  to $name --> set $(printf %08x/%08x $to $tomask)"
 
       ## Now establish the mark-from-NAME and mark-to-NAME chains.
       clearchain mangle:mark-from-$name mangle:mark-to-$name