From dbc9f6ac8fa164a157239401af87fbf51f29ecd2 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 11 Sep 2010 08:56:22 -0700 Subject: [PATCH] Correct handling of SAME Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Providers.pm | 4 ++-- Shorewall/Perl/Shorewall/Tc.pm | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index d39ded76d..1f211337b 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -1004,12 +1004,12 @@ sub handle_stickiness( $ ) { $rule1 =~ s/-j sticky/-m mark --mark $mark\/$mask -m recent --name $list --set/; } - $rule1 =~ s/-A tcpre //; + $rule1 =~ s/-A //; add_rule $chainref, $rule1; if ( $rule2 ) { - $rule2 =~ s/-A tcpre //; + $rule2 =~ s/-A //; add_rule $chainref, $rule2; } } diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 8b8560ab0..4a49f2fcb 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -294,6 +294,8 @@ sub process_tc_rule( ) { fatal_error "SAME rules are only allowed in the PREROUTING and OUTPUT chains" if $chain ne 'tcpre'; } + ensure_mangle_chain($target); + $sticky++; } elsif ( $target eq 'IPMARK ' ) { my ( $srcdst, $mask1, $mask2, $shift ) = ('src', 255, 0, 0 ); @@ -398,6 +400,8 @@ sub process_tc_rule( ) { } } + $target =~ s/ +$// if $mark eq ''; + if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) , $restrictions{$chain} , do_proto( $proto, $ports, $sports) . @@ -410,7 +414,7 @@ sub process_tc_rule( ) { $source , $dest , '' , - "$target $mark" , + $mark ? "$target $mark" : $target, '' , $target , '' ) )