From 0aa5cb5086575e7605c39488e12afb7a585003fd Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 7 Sep 2015 11:29:24 -0700
Subject: [PATCH] Allow non-experts to use the user bits in the fw mark

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 2 +-
 Shorewall/Perl/Shorewall/Config.pm | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index ca564d328..32b919fee 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -4855,7 +4855,7 @@ sub validate_mark( $ ) {
 
 sub verify_small_mark( $ ) {
     my $val = validate_mark ( (my $mark) = $_[0] );
-    fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > $globals{TC_MAX};
+    fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > $globals{SMALL_MASK};
     $val;
 }
 
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 766f26199..4331bea47 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -5902,6 +5902,10 @@ sub get_configuration( $$$$$ ) {
 	$globals{USER_MASK} = $globals{USER_BITS} = 0;
     }
 
+    $val = $config{PROVIDER_OFFSET};
+
+    $globals{SMALL_MASK} = $val ? make_mask( $val ) : $globals{TC_MASK}; 
+
     if ( supplied ( $val = $config{ZONE2ZONE} ) ) {
 	fatal_error "Invalid ZONE2ZONE value ( $val )" unless $val =~ /^[2-]$/;
     } else {