From 894a98f24e5a93d58a1a01f8fbb80fec85480799 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 4 Feb 2016 12:00:05 -0800
Subject: [PATCH] Improve optimizer handling of origin during rule merge

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 409cc1df4..c5bfafdc1 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1191,6 +1191,8 @@ sub merge_rules( $$$ ) {
 	$toref->{comment} = $fromref->{comment} if exists $fromref->{comment};
     }
 
+    $toref->{origin} = $fromref->{origin} if $fromref->{origin};
+
     $toref->{target} = $target;
 
     if ( my $targetref = $tableref->{$target} ) {
@@ -3106,8 +3108,8 @@ sub calculate_digest( $ ) {
 #
 # Replace jumps to the passed chain with jumps to the passed target
 #
-sub replace_references( $$$$;$ ) {
-    my ( $chainref, $target, $targetopts, $comment, $digest ) = @_;
+sub replace_references( $$$$$;$ ) {
+    my ( $chainref, $target, $targetopts, $comment, $origin, $digest ) = @_;
     my $tableref  = $chain_table{$chainref->{table}};
     my $count     = 0;
     my $name      = $chainref->{name};
@@ -3125,6 +3127,7 @@ sub replace_references( $$$$;$ ) {
 		    $_->{target}     = $target;
 		    $_->{targetopts} = $targetopts if $targetopts;
 		    $_->{comment}    = $comment unless $_->{comment};
+		    $_->{origin}     = $origin if $origin;
 
 		    if ( $targetref ) {
 			add_reference ( $fromref, $targetref );
@@ -3375,7 +3378,8 @@ sub optimize_level4( $$ ) {
 				replace_references( $chainref,
 						    $firstrule->{target},
 						    $firstrule->{targetopts},
-						    $firstrule->{comment} );
+						    $firstrule->{comment},
+						    $firstrule->{origin} );
 				$progress = 1;
 			    }
 			} elsif ( $firstrule->{target} ) {
@@ -3595,7 +3599,7 @@ sub optimize_level8( $$$ ) {
 		if ( $chainref->{digest} eq $chainref1->{digest} ) {
 		    progress_message "  Chain $chainref1->{name} combined with $chainref->{name}";
 		    $progress = 1;
-		    replace_references $chainref1, $chainref->{name}, undef, '', 1;
+		    replace_references $chainref1, $chainref->{name}, undef, '', '', 1;
 
 		    unless ( $chainref->{name} =~ /^~/ || $chainref1->{name} =~ /^%/ ) {
 			#