From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: conntrack-tools and kernel 2.6.22 Date: Tue, 27 Nov 2007 15:09:07 +0100 Message-ID: <474C2503.6000102@trash.net> References: <34f8e8a30711261204ge069052rf956aef7184be64a@mail.gmail.com> <474C1DA5.6010900@netfilter.org> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <474C1DA5.6010900@netfilter.org> Sender: netfilter-owner@vger.kernel.org List-Id: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Pablo Neira Ayuso Cc: Ben Young , netfilter@vger.kernel.org Pablo Neira Ayuso wrote: > Ben Young wrote: >> I have been working on switching some systems over to kernel version >> 2.6.22. In the transition, conntrack-tools has stopped working on >> these systems. Depending on which commands I issue to conntrack, I >> get one of the two errors below, neither of which is particularly >> helpful in diagnosing the problem. >> >> Operation failed: Can't open handler >> Operation failed: sorry, you must be root or get CAP_NET_ADMIN >> capability to do this >> >> Does anyone know why conntrack wouldn't work on kernel 2.6.22 when it >> works just fine when I'm running 2.6.17 or 2.6.18? Or have any >> suggestions for how to go about determining the root cause of this >> issue? >> >> FYI, I am currently using these versions of the conntrack tools: >> >> libnetfilter_conntrack: 0.0.81 >> libnfnetlink: 0.0.30 >> conntrack: 1.00beta2 > ^^^ > This is an old version of the conntrack userspace commandline tool, get > conntrack-tools 0.9.5 that contains conntrack and conntrackd. > > http://people.netfilter.org/pablo/conntrack-tools/ Why doesn't it work on current kernels? Things shouldn't break when updating the kernel.