From dbfc8057077950a909d27a5ce1b00f802730a1ff Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 25 Nov 2012 08:10:53 -0800
Subject: [PATCH] Add 'IU' state in secmarks

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Tc.pm              |  1 +
 Shorewall/manpages/shorewall-secmarks.xml   |  4 +++-
 Shorewall6/manpages/shorewall6-secmarks.xml | 11 ++++++++---
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 20147f5d7..f85e55e76 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -2222,6 +2222,7 @@ sub process_secmark_rule() {
     my %state = ( N   => 'NEW' ,
 		  I   => 'INVALID',
 		  U   => 'UNTRACKED',
+		  IU  => 'INVALID,UNTRACKED',
 		  NI  => 'NEW,INVALID',
 		  NU  => 'NEW,UNTRACKED',
 		  NIU => 'NEW,INVALID,UNTRACKED',
diff --git a/Shorewall/manpages/shorewall-secmarks.xml b/Shorewall/manpages/shorewall-secmarks.xml
index af0d49a4e..1d45d53cb 100644
--- a/Shorewall/manpages/shorewall-secmarks.xml
+++ b/Shorewall/manpages/shorewall-secmarks.xml
@@ -92,7 +92,7 @@
 
       <varlistentry>
         <term><emphasis role="bold">CHAIN:STATE (chain) -
-        {P|I|F|O|T}[:{N|I|U|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
+        {P|I|F|O|T}[:{N|I|U|IU|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
 
         <listitem>
           <para>This column determines the CHAIN where the SElinux context is
@@ -132,6 +132,8 @@
           <simplelist>
             <member>:U - UNTRACKED connection</member>
 
+            <member>:IU - INVALID or UNTRACKED connection</member>
+
             <member>:NU - NEW or UNTRACKED connection</member>
 
             <member>:NIU - NEW, INVALID or UNTRACKED connection.</member>
diff --git a/Shorewall6/manpages/shorewall6-secmarks.xml b/Shorewall6/manpages/shorewall6-secmarks.xml
index a39a1b3de..380997fa6 100644
--- a/Shorewall6/manpages/shorewall6-secmarks.xml
+++ b/Shorewall6/manpages/shorewall6-secmarks.xml
@@ -91,10 +91,13 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">CHAIN -
-        {P|I|F|O|T}[:{N|I|NI|E|ER}]</emphasis></term>
+        <term><emphasis role="bold">CHAIN:STATE (chain) -
+        {P|I|F|O|T}[:{N|I|U|IU|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
 
         <listitem>
+          <para>This column determines the CHAIN where the SElinux context is
+          to be applied:</para>
+
           <simplelist>
             <member>P - PREROUTING</member>
 
@@ -116,7 +119,7 @@
 
             <member>:I - INVALID connection</member>
 
-            <member>:NI - New or INVALID connection</member>
+            <member>:NI - NEW or INVALID connection</member>
 
             <member>:E - ESTABLISHED connection</member>
 
@@ -129,6 +132,8 @@
           <simplelist>
             <member>:U - UNTRACKED connection</member>
 
+            <member>:IU - INVALID or UNTRACKED connection</member>
+
             <member>:NU - NEW or UNTRACKED connection</member>
 
             <member>:NIU - NEW, INVALID or UNTRACKED connection.</member>