Add mark geometry changes to Shorewall::Chains and Shorewall::Compiler

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Chains.pm

@@ -1459,29 +1459,19 @@ sub mac_match( $ ) {
 #
 sub verify_mark( $ ) {
     my $mark  = $_[0];
-    my $limit;
-    my $mask;
+    my $limit = $globals{TC_MASK} | $globals{PROVIDER_MASK};
+    my $mask  = $globals{TC_MASK};
     my $value = numeric_value( $mark );
 
-    if ( $config{HIGH_ROUTE_MARKS} ) {
-	if ( $config{WIDE_TC_MARKS} ) {
-	    $limit = 0xFFFFFF;
-	    $mask  = 0xFFFF;
-	} else {
-	    $limit = 0xFFFF;
-	    $mask  = 0xFF;
-	}
-    } elsif ( $config{WIDE_TC_MARKS} ) {
-	$limit = $mask = 0x3FFF;
-    } else {
-	$limit = $mask = 0xFF;
-    }
-
     fatal_error "Invalid Mark or Mask value ($mark)"
 	unless defined( $value ) && $value <= $limit;
 
-    fatal_error "Invalid High Mark or Mask value ($mark)"
-	if ( $value > $mask && $value & $mask );
+    if ( $value > $mask ) {
+	#
+	# Not a valid TC mark -- must be a provider mark
+	#
+	fatal_error "Invalid Mark or Mask value ($mark)" unless ( $value & $globals{PROVIDER_MASK} ) == $value;
+    }
 }
 
 sub verify_small_mark( $ ) {

Shorewall/Perl/Shorewall/Compiler.pm

@@ -632,7 +632,7 @@ sub compiler {
 
     require_capability( 'MULTIPORT'       , "Shorewall $globals{VERSION}" , 's' );
     require_capability( 'RECENT_MATCH'    , 'MACLIST_TTL' , 's' )           if $config{MACLIST_TTL};
-    require_capability( 'XCONNMARK'       , 'HIGH_ROUTE_MARKS=Yes' , 's' )  if $config{HIGH_ROUTE_MARKS};
+    require_capability( 'XCONNMARK'       , 'HIGH_ROUTE_MARKS=Yes' , 's' )  if $config{PROVIDER_OFFSET} > 0;
     require_capability( 'MANGLE_ENABLED'  , 'Traffic Shaping' , 's'      )  if $config{TC_ENABLED};
 
     if ( $scriptfilename ) {