From bce4d51a180b03e5399bcd106ce424d261f24104 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 21 Nov 2009 07:54:42 -0800
Subject: [PATCH] Allow wide MARK values in tcclasses when WIDE_TC_MARKS=Yes

---
 Shorewall/Perl/Shorewall/Tc.pm | 4 ++--
 Shorewall/changelog.txt        | 2 ++
 Shorewall/releasenotes.txt     | 3 +++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index dd61ae7a2..e83618af6 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -648,11 +648,11 @@ sub validate_tc_class( ) {
 	if ( $devref->{classify} ) {
 	    warning_message "INTERFACE $device has the 'classify' option - MARK value ($mark) ignored";
 	} else {
-	    fatal_error "Invalid Mark ($mark)" unless $mark =~ /^([0-9]+|0x[0-9a-fA-F]+)$/ && numeric_value( $mark ) <= 0xff;
-
 	    $markval = numeric_value( $mark );
 	    fatal_error "Invalid MARK ($markval)" unless defined $markval;
 
+	    fatal_error "Invalid Mark ($mark)" unless $markval <= ( $config{WIDE_TC_MARKS} ? 0xffff : 0xff );
+
 	    if ( $classnumber ) {
 		fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
 	    } else {
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index f1ceb4535..a9c8ac12a 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -25,6 +25,8 @@ Changes in Shorewall 4.4.4
 
 12) Fix class number assignment when WIDE_TC_MARKS=Yes
 
+13) Allow wide marks in tcclasses when WIDE_TC_MARKS=Yes
+
 Changes in Shorewall 4.4.3
 
 1)  Move Debian INITLOG initialization to /etc/default/shorewall
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index cdb667285..e4c37dbf0 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -207,6 +207,9 @@ Shorewall 4.4.4
     Note that the class ID of the class being added is a duplicate of
     the parent's class ID.
 
+    Also, when TC_WIDE_MARKS=Yes, values > 255 in the MARK column of
+    /etc/shorewall/tcclasses were rejected.
+
 ----------------------------------------------------------------------------
              K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------