From 8263ea131296ca554f10877bc3b1c63a937f46ec Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 25 Nov 2009 12:18:08 -0800
Subject: [PATCH] Limit providers to 15

---
 Shorewall/Perl/Shorewall/Providers.pm | 1 +
 Shorewall/changelog.txt               | 2 ++
 Shorewall/releasenotes.txt            | 8 ++++++++
 3 files changed, 11 insertions(+)

diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index f47b6d58d..ad3a76980 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -311,6 +311,7 @@ sub add_a_provider( ) {
 	    }
 	} else {
 	    fatal_error "Invalid Mark Value ($mark)" unless $config{HIGH_ROUTE_MARKS} && $config{WIDE_TC_MARKS};
+	    fatal_error "Invalid Mark Value ($mark)" if $val > 0xf0000;
 	}
 
 	for my $providerref ( values %providers  ) {
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 043074171..ffd4e6f7e 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -12,6 +12,8 @@ Changes in Shorewall 4.4.5
 
 6)  Fix 'show policies' in Shorewall6.
 
+7)  Limit the maximum provider mark to 0xf0000.
+
 Changes in Shorewall 4.4.4
 
 1)  Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf.
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 8702f35cf..b5f8bc31a 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -173,6 +173,10 @@ Shorewall 4.4.5
     default. If, for some reason, you don't want 'track' then specify
     'notrack' for the provider.
 
+14) With HIGH_ROUTE_MARKS=Yes and WIDE_TC_MARKS=Yes, the maximum
+    provider mark value is 0xf0000. This limits the number of providers
+    to 15.
+
 ----------------------------------------------------------------------------
           P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 5
 ----------------------------------------------------------------------------
@@ -230,6 +234,10 @@ None.
     	     $FW             dmz             REJECT          info
     	     $FW             all             ACCEPT
 
+3)  With HIGH_ROUTE_MARKS=Yes and WIDE_TC_MARKS=Yes, the maximum
+    provider mark value is now 0xf0000. This limits the number of
+    providers to 15.
+
 ----------------------------------------------------------------------------
                 N E W   F E A T U R E S   I N   4 . 4 . 0
 ----------------------------------------------------------------------------