ipfilter on Slackware 12.0 (kernel 2.6.21)

Tue, 23 Oct 2007 14:37:28 -0700 

Hi,

The following "patch" may be of interest to Linux Slackware users.

I have since a few days ipfilter 4.1.27 running on 2 Linux systems
(and like ipfilter very much),

        Slackware 10.20 with kernel 2.6.13 / gcc 3.2 

        Slackware 12.0 with kernel 2.6.21 / gcc 4.1.2

filename:       /lib/modules/2.6.21.5-smp/kernel/net/ipv4/ipfilter.ko
license:        (C)Copyright 2003-2004 Darren Reed
description:    IP-Filter Firewall
author:         Darren Reed
depends:        
vermagic:       2.6.21.5-smp SMP mod_unload 686 

minor note:

On both systems, I had to install "libelf", version 0.8.10 on the 12.0 system,
and version 0.8.6 on the older slackware system, libelf public version by
Michael Riepe.

the 'ipfstat' binary uses the nlist() call from libelf.

libelf is not on Slackware by default, so I had to download it
from ftp.ibiblio.org/pub/Linux/libs

The 12.0 system uses Intel e1000 gigabit cards (PCI express) and is the one
I am most interested in.

The port to the older 10.20 system was much easier (basically a recompile, it 
compiled just fine on Slackware 10.20, but the 12.0 was not so easy.

The compile on the 12.0 system was/is not going smoothly; had to fix several
small things.

For the 2.6.21 kernel, several small changes were necessary, mostly due
to changes in Linux such

        modules
        header file changes
        lots of changes in net/ipv4/ip_output.c

IMPORTANT:  please do **NOT** apply the patch in attach- it is experimental !!!!

It contains expiremental #ifdef STES code because I'm developing some
extension to ipfilter on these Slackware systems.

On the other hand, if somebody who knows ipfilter and Linux better than I
do could have a look at the patch, I would be very grateful, certainly if
they have suggestions to do it better.

IPNAT & PROXY
-------------

REMARK : on both systems, ipmon, ipfstat, (ifpstat -t) and ipf work ok,
I *cannot* use the FTP module for NAT.

The RCMD proxy compiles on Linux but I can't get it to work.

the FTP proxy doesn't compile on Linux, unless I #ifdef stes some stuff
(see patch),

The problem is with the COPYBACK and m_adj calls in the FTP proxy code.

Anyway on none of my Linux systems I have a m_adj function as the FTP proxy
code seems to be using, so I think I'm sure that that code currently doesn't
compile on LINUX.

Is somebody using the ipfilter FTP or RCMD proxy on Linux ?

Kind regards,
DAvid Stes

Attachment: patch.gz
Description: application/gunzip

Reply via email to