From f0004152b7cc7efca17aef9df1cc0e4b1847820a Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Wed, 3 May 2006 22:39:24 +0000
Subject: [PATCH] Fix for HIGH_ROUTE_MARKS=Yes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3856 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/compiler | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/Shorewall/compiler b/Shorewall/compiler
index 6766496dc..9925ad33f 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -3187,6 +3187,8 @@ setup_traffic_shaping()
 #
 process_tc_rule()
 {
+    local did_connmark=
+
     chain=$MARKING_CHAIN  target="MARK --set-mark" marktest=
 
     verify_designator() {
@@ -3219,6 +3221,13 @@ process_tc_rule()
 	[ $(($1)) -lt 256 ] || fatal_error "Mark Value ($1) too larg, rule \"$rule\""
     }
 
+    do_connmark()
+    {
+	target="CONNMARK --set-mark"
+	mark=$mark/0xff
+	did_connmark=Yes
+    }
+
     add_a_tc_rule() {
 	r=
 
@@ -3276,6 +3285,7 @@ process_tc_rule()
 	    esac
 	fi
 
+
 	[ -n "$marktest" ] && r="${r}-m ${marktest}--mark $testval "
 
 	if [ "x$dest" != "x-"  ]; then
@@ -3345,18 +3355,18 @@ process_tc_rule()
 		;;
 	    cp|CP)
 		verify_designator tcpre
-		target="CONNMARK --set-mark"
+		do_connmark
 		;;
 	    f|F)
 		verify_designator tcfor
 		;;
 	    cf|CF)
 		verify_designator tcfor
-		target="CONNMARK --set-mark"
+		do_connmark
 		;;
 	    c|C)
-		target="CONNMARK --set-mark"
 		mark=${mark%:*}
+		do_connmark
 		;;
 	    *)
 		chain=tcpost
@@ -3368,24 +3378,29 @@ process_tc_rule()
 
     case $mark in
 	SAVE)
+	    [ -n $did_connmark ] && fatal_error "SAVE not valid with :C[FP]"
 	    target="CONNMARK --save-mark --mask 0xFF"
 	    mark=
 	    ;;
 	SAVE/*)
+	    [ -n $did_connmark ] && fatal_error "SAVE not valid with :C[FP]"
 	    target="CONNMARK --save-mark --mask"
 	    mark=${mark#*/}
 	    verify_small_mark $mark
 	    ;;
 	RESTORE)
+	    [ -n $did_connmark ] && fatal_error "RESTORE not valid with :C[FP]"
 	    target="CONNMARK --restore-mark --mask 0xFF"
 	    mark=
 	    ;;
 	RESTORE/*)
+	    [ -n $did_connmark ] && fatal_error "RESTORE not valid with :C[FP]"
 	    target="CONNMARK --restore-mark --mask"
 	    mark=${mark#*/}
 	    verify_small_mark $mark
 	    ;;
 	CONTINUE)
+	    [ -n $did_connmark ] && fatal_error "CONTINUE not valid with :C[FP]"
 	    target=RETURN
 	    mark=
 	    ;;