Bug 193331 - IPTables match target "connbytes" missing (present in kernel).
IPTables match target "connbytes" missing (present in kernel).
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2006-05-27 11:01 EDT by Michael H. Warfield
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-29 10:15:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michael H. Warfield 2006-05-27 11:01:36 EDT
Description of problem:

The connbytes match module is described in the documentation (man iptables -
under EXTENSIONS) but is not built or included in the package.  The kernel level
modules are present in the kernel package and the kernel headers are present in
the kernel-devel package (but not in the glibc-kernheaders package, unfortunately).

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

Run iptables ... -m connbytes ...
Actual results:

Failure to load libipt_connbytes
iptables v1.3.5: Couldn't load match
`connbytes':/lib/iptables/libipt_connbytes.so: cannot open shared object file:
No such file or directory

Expected results:

Rule gets loaded with no error.

Additional info:

To fix this, I had to copy linux/netfilter_ipv4/ipt_connbytes.h and
linux/netfilter/xt_connbytes.h into appropriate /usr/include/linux directorys
(netfilter had to be created).  Then create a patch file for the extensions
Makefile and include that in the spec and rebuild.

If the module is in the kernel binaries package, it's kinda useless without
support in iptables.  Unfortunate that it also required copy some kernel headers
over to /usr/include.  Means that  glibc-kernheaders has to be modified as well.
Comment 1 Thomas Woerner 2007-08-29 10:15:05 EDT
This has been fixed in iptables-1.3.8-2 in rawhide and for testing packages in
FC-6 and F-7.

I am sorry, but FC-5 is EOL.

Closing as "WONTFIX"

Note You need to log in before you can comment on or make changes to this bug.