I got this error after upgrading to sys-kernel/gentoo-sources-2.6.20(with net-firewall/iptables-1.3.7). # iptables --table mangle --append OUTPUT --jump MARK --set-mark 2 iptables: Invalid argument dmesg says: ip_tables: MARK target: invalid size 16 != 24 similar error occurs when using CONNMARK target, mark match and connmark match. I found an entry on the netfilter mailing list saying: The latest -git kernel includes compatibility functions for 32 bit userspace. You need to compile your iptables without the KERNEL_64_USERSPACE_32 thing though (edit main Makefile). I did so and removed -DKERNEL_64_USERSPACE_32 from the Makefile and it worked. # emerge --info Portage 2.1.2-r9 (default-linux/sparc/sparc64/2006.1, gcc-3.4.6, glibc-2.3.6-r5, 2.6.20 sparc64) ================================================================= System uname: 2.6.20 sparc64 sun4u Gentoo Base System version 1.12.9 Timestamp of tree: Sat, 10 Feb 2007 01:50:01 +0000 dev-lang/python: 2.4.4 dev-python/pycrypto: 2.0.1-r5 sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r6 ACCEPT_KEYWORDS="sparc ~sparc" AUTOCLEAN="yes" CBUILD="sparc-unknown-linux-gnu" CFLAGS="-mcpu=ultrasparc -mtune=ultrasparc -O2 -pipe" CHOST="sparc-unknown-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-mcpu=ultrasparc -mtune=ultrasparc -O2 -pipe" DISTDIR="/tmp/distfiles" FEATURES="sandbox userfetch userpriv usersandbox" GENTOO_MIRRORS="http://gentoo.mneisen.org/ http://gd.tuwien.ac.at/opsys/linux/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://gentoo.inode.at/source/ ftp://ftp.mneisen.org/gentoo" LANG="de_DE.UTF-8" LINGUAS="de en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="7zip alsa apache2 bittorrent bzip2 cli crypt cvs dedicated extensions gd gif gzip hddtemp ipv6 jpeg jpeg2k l7filter mail mbox md5sum mp3 multiuser mysql ncurses net network nfs nls no-old-linux nocd nojava nowin nptl nptlonly ogg p2p pcap pcre perl php png python readline ruby sendmail serial server session sftp smp smtp snmp sound sounds sparc srv ssl subversion symlink tar threads threadsafe threadsonly udev ultra1 unicode unzip user-homedirs userlocales verbose vnc vorbis xml zip zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="de en" USERLAND="GNU" VIDEO_CARDS="dummy sunffb" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Reassigning to base-system, not much we (kernel team) can do about this.
sparc team needs to verify this is OK ... Makefile: # Sparc64 hack ifeq ($(shell uname -m),sparc64) POINTERTEST:=1 32bituser := $(shell echo -e "\#include <stdio.h>\n\#if ........ ifdef 32bituser # The kernel is 64-bit, even though userspace is 32. CFLAGS+=-DIPT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32 else EXT_LDFLAGS+=-Wl,-m,elf64_sparc endif endif
Created attachment 110137 [details, diff] Disable KERNEL_64_USERSPACE_32 Seems to work fine, but it breaks the ULOG target - however ulogd never worked right on sparc so it's a non-issue for the time being.
Committed into the iptables-1.3.7 ebuild.