From d2d13c11a751e617e358b78b2c2f7fdaf2fefff5 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 11 Sep 2010 09:34:32 -0700
Subject: [PATCH] First fix for SAME in 4.4.12

---
 Shorewall/Perl/Shorewall/Providers.pm | 8 ++++----
 Shorewall/Perl/Shorewall/Tc.pm        | 2 ++
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index ca4df0203..d05ba1670 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -959,12 +959,12 @@ sub handle_stickiness( $ ) {
 			$rule1 =~ s/-j sticky/-m mark --mark $mark\/$mask -m recent --name $list --set/;
 		    }
 
-		    $rule1 =~ s/-A tcpre //;
+		    $rule1 =~ s/-A //;
 
 		    add_rule $chainref, $rule1;
 
 		    if ( $rule2 ) {
-			$rule2 =~ s/-A tcpre //;
+			$rule2 =~ s/-A //;
 			add_rule $chainref, $rule2;
 		    }
 		}
@@ -986,12 +986,12 @@ sub handle_stickiness( $ ) {
 			$rule1 =~ s/-j sticko/-m mark --mark $mark -m recent --name $list --rdest --set/;
 		    }
 
-		    $rule1 =~ s/-A tcout //;
+		    $rule1 =~ s/-A //;
 
 		    add_rule $chainref, $rule1;
 
 		    if ( $rule2 ) {
-			$rule2 =~ s/-A tcout //;
+			$rule2 =~ s/-A //;
 			add_rule $chainref, $rule2;
 		    }
 		}
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 39416844a..697e46c6f 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -275,6 +275,8 @@ sub process_tc_rule( ) {
 			    fatal_error "SAME rules are only allowed in the PREROUTING and OUTPUT chains" if $chain ne 'tcpre';
 			}
 
+			ensure_mangle_chain( $target );
+
 			$sticky++;
 		    } elsif ( $target eq 'IPMARK ' ) {
 			my ( $srcdst, $mask1, $mask2, $shift ) = ('src', 255, 0, 0 );