From 081a387f1d503b7dccf8d9f9b216394800e89ac6 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 3 Feb 2014 14:59:27 -0800
Subject: [PATCH] Fix some bugs in basic filter generation.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Tc.pm | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 80a2507ff..d5d7240a0 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -2359,13 +2359,13 @@ sub process_tc_filter2( $$$$$$$$$ ) {
 		$rule .= "\\\n   \\(" if @typelist > 1;
 
 		for my $type ( @typelist ) {
-		    my ( $icmptype , $icmpcode ) = split '/', validate_icmp\\( $type );
+		    my ( $icmptype , $icmpcode ) = split '/', validate_icmp( $type );
 
-		    $rule .= "\\\n   cmp\\( u16 at 0 layer 2 mask 0xffff eq " . in_hex4( ( $icmptype << 8 ) | $icmpcode );
+		    $rule .= "\\\n   cmp\\( u16 at 0 layer 2 mask 0xffff eq " . in_hex4( ( $icmptype << 8 ) | ( $icmpcode || 0 ) ) . ' \\)';
 		    $rule .= ' or' if @typelist > 1;
 		}
 
-		$rule .= "\\\n(" if @typelist > 1;
+		$rule .= "\\\n)" if @typelist > 1;
 
 	    } elsif ( $protonumber == IPv6_ICMP ) {
 		fatal_error "IPv6 ICMP not allowed with IPv4" unless $family == F_IPV4;
@@ -2379,11 +2379,11 @@ sub process_tc_filter2( $$$$$$$$$ ) {
 
 		    my ( $icmptype , $icmpcode ) = split '/', validate_icmp6( $type );
 
-		    $rule .= "\\\n   cmp\\( u16 at 0 layer 2 mask 0xffff eq " . in_hex4( ( $icmptype << 8 ) | $icmpcode );
+		    $rule .= "\\\n   cmp\\( u16 at 0 layer 2 mask 0xffff eq " . in_hex4( ( $icmptype << 8 ) | ( $icmpcode || 0 ) ) . ' \\)';
 		    $rule .= ' or' if @typelist > 1;
 		}
 
-		$rule .= "\\\n(" if @typelist > 1;
+		$rule .= "\\\n)" if @typelist > 1;
 	    } else {
 		my @portlist; 
 		my $multiple;
@@ -2394,7 +2394,7 @@ sub process_tc_filter2( $$$$$$$$$ ) {
 
 		while ( @portlist ) {
 		    my ( $port, $mask ) = ( shift @portlist, shift @portlist );
-		    $rule .= "\\\n   cmp\\( u16 at 2 layer 2 mask $mask eq 0x$port \\)";
+		    $rule .= "\\\n   cmp\\( u16 at 2 layer 2 mask 0x$mask eq 0x$port \\)";
 		    $rule .= ' or' if @portlist;
 		}
 
@@ -2409,7 +2409,7 @@ sub process_tc_filter2( $$$$$$$$$ ) {
 
 		    while ( @portlist ) {
 			my ( $sport, $smask ) = ( shift @portlist, shift @portlist );
-			$rule .= "\\\n   cmp\\( u16 at 0 layer 2 mask $smask eq 0xsport \\)";
+			$rule .= "\\\n   cmp\\( u16 at 0 layer 2 mask 0x$smask eq 0xsport \\)";
 			$rule .= ' or' if @portlist;
 		    }