iptables -> owner problem

Hi,

sorry if this has been asked before.
I have got a problem with my Linux system (Debian Woody, unpatched kernel
2.4.27 from kernel.org) or at least I'm too much blinded by the obvious

masq:/home/matc# /sbin/iptables -A OUTPUT -m owner --sid-owner 7790 -j ACCEPT
iptables: Invalid argument

The problem seems to be the explicit "owner" match.

The necessary kernel modules have been loaded:
Module Size Used by Tainted: P
ipt_owner 1376 0 (autoclean)
ipt_state 608 3 (autoclean)
ipt_limit 960 2 (autoclean)
ipt_mac 704 6 (autoclean)
ip_conntrack_ftp 3712 0 (unused)
ip_tables 11072 14 [ipt_owner ipt_state ipt_limit ipt_mac
ipt_mark ipt_length ipt_MARK iptable_mangle ipt_multiport iptable_filter
ipt_MASQUERADE iptable_nat]
[...]

Other explicit matches like multiport,mark,mac do work fine.
7790 is a valid sid of a multithreaded application.
iptables has been called as root.

Can anybody tell me the problem or where to look next?

Thanks,

MD

Matthias Degenkolb wrote:
> Can anybody tell me the problem or where to look next?

Look if you have this file:
/lib/iptables/libipt_owner.so

or do:
iptables -m owner -h

to see if you've got the support for owner.

If you have the support then probably the userspace code
from iptables and the kernel code it's not synced.

> Thanks,
>
> MD

Regards.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
(E-Mail Removed)
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"

Am Thu, 24 Feb 2005 14:05:42 +0100 schrieb Jose Maria Lopez Hernandez:

> Regards.

Thanks a lot, an update of the iptables package solved the problem.
(So in fact i WAS blinded by the obvious