diff -purN -X dontdiff linux-2.6.14-rc5.p/net/ipv4/netfilter/ipt_owner.c linux-2.6.14-rc5.w/net/ipv4/netfilter/ipt_owner.c
--- linux-2.6.14-rc5.p/net/ipv4/netfilter/ipt_owner.c	2005-10-21 10:55:24.000000000 -0400
+++ linux-2.6.14-rc5.w/net/ipv4/netfilter/ipt_owner.c	2005-10-21 16:13:40.000000000 -0400
@@ -31,23 +31,36 @@ match(const struct sk_buff *skb,
       int *hotdrop)
 {
 	const struct ipt_owner_info *info = matchinfo;
+	struct sock *osk;
+	int ret = 0;
 
-	if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
-		return 0;
+	osk = in ? (struct sock *)sk : skb->sk;
+	if (!osk)
+		goto out;
+
+	read_lock_bh(&osk->sk_callback_lock);
+
+	if (!osk->sk_socket || !osk->sk_socket->file)
+		goto out_unlock;
 
 	if(info->match & IPT_OWNER_UID) {
-		if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
+		if ((osk->sk_socket->file->f_uid != info->uid) ^
 		    !!(info->invert & IPT_OWNER_UID))
-			return 0;
+			goto out_unlock;
 	}
 
 	if(info->match & IPT_OWNER_GID) {
-		if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
+		if ((osk->sk_socket->file->f_gid != info->gid) ^
 		    !!(info->invert & IPT_OWNER_GID))
-			return 0;
+			goto out_unlock;
 	}
 
-	return 1;
+	ret = 1;
+
+out_unlock:
+	read_unlock_bh(&osk->sk_callback_lock);
+out:
+	return ret;
 }
 
 static int
@@ -60,8 +73,10 @@ checkentry(const char *tablename,
 	const struct ipt_owner_info *info = matchinfo;
 
 	if (hook_mask
-	    & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING))) {
-		printk("ipt_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
+	    & ~((1 << NF_IP_LOCAL_OUT)
+		| (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_SOCKET_IN))) {
+		printk("ipt_owner: only valid for LOCAL_OUT, POST_ROUTING or "
+		       "SOCKET.\n");
 		return 0;
 	}
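Review bot: The socket selection `osk = in ? (struct sock *)sk : skb->sk;` relies on a non-NULL input device as the only indication that the match is running in the new NF_IP_SOCKET_IN hook, and `sk` is not declared anywhere in the visible lines, so it presumably arrives through a signature change made elsewhere in the series; both facts deserve a comment, e.g. `/* SOCKET_IN hands us the receiving socket as sk (with in set); LOCAL_OUT/POST_ROUTING have in == NULL and the owner is skb->sk */`. The cast suggests `sk` is const-qualified and is stripped only so that `read_lock_bh(&osk->sk_callback_lock)` can be taken, which is worth stating next to it rather than leaving a bare cast. The added lock is the security-relevant part of this change, since the old code dereferenced `skb->sk->sk_socket->file` with no protection against the socket being torn down underneath it, but the rationale is not written down; `/* sk_socket (and its file) can be cleared concurrently; sk_callback_lock guards the dereference below */` above the read_lock_bh would let the next reader see why the early `goto out` path must not unlock. match()'s signature begins outside the hunk.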