Correct handling of SAME

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Providers.pm

@@ -1004,12 +1004,12 @@ sub handle_stickiness( $ ) {
 			$rule1 =~ s/-j sticky/-m mark --mark $mark\/$mask -m recent --name $list --set/;
 		    }
 
-		    $rule1 =~ s/-A tcpre //;
+		    $rule1 =~ s/-A //;
 
 		    add_rule $chainref, $rule1;
 
 		    if ( $rule2 ) {
-			$rule2 =~ s/-A tcpre //;
+			$rule2 =~ s/-A //;
 			add_rule $chainref, $rule2;
 		    }
 		}

Shorewall/Perl/Shorewall/Tc.pm

@@ -294,6 +294,8 @@ sub process_tc_rule( ) {
 			    fatal_error "SAME rules are only allowed in the PREROUTING and OUTPUT chains" if $chain ne 'tcpre';
 			}
 
+			ensure_mangle_chain($target);
+
 			$sticky++;
 		    } elsif ( $target eq 'IPMARK ' ) {
 			my ( $srcdst, $mask1, $mask2, $shift ) = ('src', 255, 0, 0 );
@@ -398,6 +400,8 @@ sub process_tc_rule( ) {
 	}
     }
 
+    $target =~ s/ +$// if $mark eq '';
+
     if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
 				     $restrictions{$chain} ,
 				     do_proto( $proto, $ports, $sports) .
@@ -410,7 +414,7 @@ sub process_tc_rule( ) {
 				     $source ,
 				     $dest ,
 				     '' ,
-				     "$target $mark" ,
+				     $mark ? "$target $mark" : $target,
 				     '' ,
 				     $target ,
 				     '' ) )