Bug 79249 - Add support for Linux 2.4.20/2.5 owner match (already in latest upstream)
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: iptables
Version: 1.0
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: wdovlrrw
QA Contact: Ben Levenson
Depends On:
Blocks: 79578
Reported: 2002-12-08 17:13 UTC by Luca Barbieri
Modified: 2007-04-18 16:48 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2003-01-13 21:11:47 UTC


Description Luca Barbieri 2002-12-08 17:13:20 UTC
Description of Problem:
Linux 2.4.20 and 2.5 (apparently starting from 2.5.32) extend the owner match to
allow matching on the process "comm" name and do so by enlarging
the structure used to pass owner match data.
This means that versions of iptables not updated to support the new kernels are
unable to use owner match at all (because the kernel checks the struct size).

This is apparently fixed in iptables 1.2.7a: please upgrade or backport the patch.

Version-Release number of selected component (if applicable):

How Reproducible:
Every time.

Steps to Reproduce:
1. Boot Linux 2.4.20, 2.5.32 or later
2. iptables -A OUTPUT -m owner --uid-owner <uid> -j DROP

Actual Results:
"iptables: Invalid argument"

Expected Results:
iptables succeeds and the rule is enacted
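
The size check described in this report, as an added example (not code from the bug report, iptables or the kernel). It models why a userspace binary built against the smaller owner-match structure is rejected with "Invalid argument". The struct names, the field layout and the 4-byte alignment for i686 are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: owner-match data as an iptables without "comm" support builds it. */
struct owner_info_old {
    uint32_t uid, gid;
    int32_t  pid, sid;
    uint8_t  match, invert;   /* which fields to match / which to negate */
};

/* Assumed layout: the same data after the kernel added the 16-byte "comm" name. */
struct owner_info_new {
    uint32_t uid, gid;
    int32_t  pid, sid;
    char     comm[16];
    uint8_t  match, invert;
};

/* Round n up to a multiple of a (a must be a power of two). */
static size_t align_up(size_t n, size_t a) { return (n + a - 1) & ~(a - 1); }

/* Model of the kernel-side check: the match data must be exactly the size
 * of the structure the kernel was compiled with, otherwise it is refused. */
static int kernel_checkentry(size_t matchsize)
{
    return matchsize == align_up(sizeof(struct owner_info_new), 4);
}

/* Model of adding a rule: userspace passes the size of *its* structure. */
static int add_owner_rule(size_t userspace_struct_size)
{
    if (!kernel_checkentry(align_up(userspace_struct_size, 4)))
        return -EINVAL;       /* surfaces as "iptables: Invalid argument" */
    return 0;
}

int main(void)
{
    printf("old userspace struct: %zu bytes -> %d\n",
           sizeof(struct owner_info_old),
           add_owner_rule(sizeof(struct owner_info_old)));
    printf("new userspace struct: %zu bytes -> %d\n",
           sizeof(struct owner_info_new),
           add_owner_rule(sizeof(struct owner_info_new)));
    return 0;
}
```

Because the rule is rejected rather than installed, a firewall script that ignores the exit status of iptables continues without the owner-based DROP rule in place.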

Comment 1 Bill Nottingham 2003-01-13 21:11:47 UTC
fixed in 1.2.7a-1
