Bug 193331 - IPTables match target "connbytes" missing (present in kernel).
Summary: IPTables match target "connbytes" missing (present in kernel).
Alias: None
Product: Fedora
Classification: Fedora
Component: iptables
Version: 5
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2006-05-27 15:01 UTC by Michael H. Warfield
Modified: 2007-11-30 22:11 UTC (History)
0 users

Clone Of:
Last Closed: 2007-08-29 14:15:05 UTC

Attachments (Terms of Use)

Description Michael H. Warfield 2006-05-27 15:01:36 UTC
Description of problem:

The connbytes match module is described in the documentation (man iptables -
under EXTENSIONS) but is not built or included in the package.  The kernel level
modules are present in the kernel package and the kernel headers are present in
the kernel-devel package (but not in the glibc-kernheaders package, unfortunately).

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

Run iptables ... -m connbytes ...
Actual results:

Failure to load libipt_connbytes
iptables v1.3.5: Couldn't load match
`connbytes':/lib/iptables/libipt_connbytes.so: cannot open shared object file:
No such file or directory

Expected results:

Rule gets loaded with no error.

Additional info:

To fix this, I had to copy linux/netfilter_ipv4/ipt_connbytes.h and
linux/netfilter/xt_connbytes.h into appropriate /usr/include/linux directorys
(netfilter had to be created).  Then create a patch file for the extensions
Makefile and include that in the spec and rebuild.

If the module is in the kernel binaries package, it's kinda useless without
support in iptables.  Unfortunate that it also required copy some kernel headers
over to /usr/include.  Means that  glibc-kernheaders has to be modified as well.

Comment 1 Thomas Woerner 2007-08-29 14:15:05 UTC
This has been fixed in iptables-1.3.8-2 in rawhide and for testing packages in
FC-6 and F-7.

I am sorry, but FC-5 is EOL.

Closing as "WONTFIX"

Note You need to log in before you can comment on or make changes to this bug.