Bug 531831 - [user space] ip_tables: connlimit match: invalid size 32 != 24
Summary: [user space] ip_tables: connlimit match: invalid size 32 != 24
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
Version: Development
Hardware: All
OS: Linux
Priority: urgent
Severity: high
Target Milestone: 1.1.9
Target Release: ---
Assignee: Clark Williams
QA Contact: David Sommerseth
URL:
Whiteboard:
Depends On: 521999
Blocks:
Reported: 2009-10-29 15:45 UTC by Beth Uptagrafft
Modified: 2016-05-22 23:29 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 521999
Environment:
Last Closed: 2010-11-01 20:08:52 UTC
Target Upstream Version:
Embargoed:



Comment 1 Beth Uptagrafft 2009-10-29 15:47:35 UTC
iptables-1.3.5-5.3.el5_4.1.src.rpm

Comment 2 David Sommerseth 2009-10-30 14:58:27 UTC
Tested against kernel-rt-2.6.24.7-132 and 2.6.18-128.8.1 (latest stock RHEL5.3.z) with the old iptables-1.3.5-4.el5.  The new iptables-1.3.5-5.3.el5_4.1 was tested on 2.6.24.7-137 and 2.6.18-128.8.1.

Both 32bit and 64bit architectures were tested.

The following iptables command was tested:

   iptables -A INPUT -p tcp --syn --dport 80 -m connlimit \
            --connlimit-above 15 -j REJECT


On 2.6.18-128.8.1 and 2.6.24.7-132 with the old iptables the result was:

* 32bit
iptables: Unknown error 4294967295

* 64bit
iptables: Unknown error 18446744073709551615

On 2.6.18-128.8.1 with the new iptables version, the result was the same as above.

On 2.6.24.7-137 with the new iptables, the result was no errors and iptables accepted the command.

This is the expected behaviour.

Comment 3 David Sommerseth 2009-11-09 17:16:26 UTC
Reverified on iptables-1.3.5-4.el5 (stock RHEL) and iptables-1.3.5-4.el5rt.1 (updated for -137 kernel). Ran tests on kernel-2.6.18-128.el5 and kernel-rt-2.6.24.7-137.el5rt

Used this command line for the check:

   iptables -A INPUT -p tcp --syn --dport 80 -m connlimit \
            --connlimit-above 15 -j REJECT

** stock RHEL iptables
kernel-2.6.18-128.el5 + iptables-1.3.5-4.el5
  i686   ==> fails, as expected, no --connlimit support in kernel.
  x86_64 ==> fails, as expected, no --connlimit support in kernel.

kernel-rt-2.6.24.7-137.el5rt + iptables-1.3.5-4.el5
  i686   ==> fails, as expected with this iptables version.
  x86_64 ==> works, as expected.


** updated iptables for MRG kernel
kernel-2.6.18-128.el5 + iptables-1.3.5-4.el5rt.1
  i686   ==> fails, as expected - no --connlimit support in kernel.
  x86_64 ==> fails, as expected - no --connlimit support in kernel.

kernel-rt-2.6.24.7-137.el5rt + iptables-1.3.5-4.el5rt.1
  i686   ==> works, as expected.
  x86_64 ==> works, as expected.


No unexpected behaviour was found with this test routine.  Keeping it verified.

