various tryouts on Linux

[Pierre-Philipp Braun]

Hello,

I would like to get ipfilter running on a linux xen guest, which should
become a nice NAT gateway. For some obscure reason, regarding some kind of
weired routing configuration, I have to stick with Linux there. I've tryed
to build ipfilter 5.1.0 and 4.1.x on RHEL/Centos 4.9 and 5.7. I couldn't
find 4.1.35, the link is dead (got a 403 forbidden), but 4.1.33 was
available on sourceforge.

RHEL/CentOS 4.9 xen guest
kernel 2.6.9
glibc 2.3.4

==> 4.1.33 builds fine but I got this error message when trying to load
the 'ipfilter' kernel module,
ipfilter: Unknown symbol __alloc_skb
and I've got the mknod issue too but I will try to troubleshoot the rc
script once the module loads.

==> 5.1.0 doesn't build, it stuck there quite early:
if [ 20609 -lt 20499 ] ; then \
make Linux-2.6.9-103.ELxenU-i686/ipfilter.o; \
else \
(cd Linux-2.6.9-103.ELxenU-i686; pwd; unset MAKEFLAGS; make -C
"/lib/modules/2.6.9-103.ELxenU/build" SUBDIRS="`pwd`" TOP="../.."
CPUDIR="Linux-2.6.9-103.ELxenU-i686" EXTRA_CFLAGS="-DLINUX=20609 -I..
-I`pwd`/.. -I`pwd`/../.. -DIPFILTER_LOG -O2" OBJ= modules); \
fi
/root/tp/ip_fil5.1.0/Linux/Linux-2.6.9-103.ELxenU-i686
make[2]: Entering directory `/usr/src/kernels/2.6.9-103.EL-xenU-i686'
make[3]: *** No rule to make target `../../linux.c', needed by
`/root/tp/ip_fil5.1.0/Linux/Linux-2.6.9-103.ELxenU-i686//linuxm.c'. Stop.
make[2]: ***
[_module_/root/tp/ip_fil5.1.0/Linux/Linux-2.6.9-103.ELxenU-i686] Error 2
make[2]: Leaving directory `/usr/src/kernels/2.6.9-103.EL-xenU-i686'
make[1]: *** [ipflkm] Error 2
make[1]: Leaving directory `/root/tp/ip_fil5.1.0/Linux'


RHEL/CentOS 5.7 xen guest
kernel 2.6.18
glibc 2.5

==> 4.1.33 doesn't build, looks good until ip_film:
if [ 20618 -lt 20499 ] ; then \
make Linux-2.6.18-274.12.1.el5xen-i686/ipfilter.o; \
else \
(cd Linux-2.6.18-274.12.1.el5xen-i686; unset MAKEFLAGS;
make -C "/lib/modules/2.6.18-274.12.1.el5xen/build" SUBDIRS="`pwd`"
TOP="`pwd`/../.." CPUDIR="Linux-2.6.18-274.12.1.el5xen-i686"
EXTRA_CFLAGS="-DLINUX=20618 -I.. -I`pwd`/.. -I`pwd`/../..
-DIPFILTER_LOOKUP -DIPFILTER_SCAN -DIPFILTER_LOG -O2" OBJ= modules); \
fi
make[2]: Entering directory
`/usr/src/kernels/2.6.18-274.12.1.el5-xen-i686'
CC [M]
/root/tp/ip_fil4.1.33/Linux/Linux-2.6.18-274.12.1.el5xen-i686//linuxm.o
CC [M]
/root/tp/ip_fil4.1.33/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.o
/root/tp/ip_fil4.1.33/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.c:
In function 'fr_newisn':
/root/tp/ip_fil4.1.33/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.c:266:
error: implicit declaration of function 'secure_tcp_sequence_number'
make[3]: ***
[/root/tp/ip_fil4.1.33/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.o]
Error 1
make[2]: ***
[_module_/root/tp/ip_fil4.1.33/Linux/Linux-2.6.18-274.12.1.el5xen-i686]
Error 2
make[2]: Leaving directory `/usr/src/kernels/2.6.18-274.12.1.el5-xen-i686'
make[1]: *** [ipflkm] Error 2
make[1]: Leaving directory `/root/tp/ip_fil4.1.33/Linux'

==> 5.1.0 doesn't build, looks good until ip_film:
if [ 20618 -lt 20499 ] ; then \
make Linux-2.6.18-274.12.1.el5xen-i686/ipfilter.o; \
else \
(cd Linux-2.6.18-274.12.1.el5xen-i686; pwd; unset
MAKEFLAGS; make -C "/lib/modules/2.6.18-274.12.1.el5xen/build"
SUBDIRS="`pwd`" TOP="../.." CPUDIR="Linux-2.6.18-274.12.1.el5xen-i686"
EXTRA_CFLAGS="-DLINUX=20618 -I.. -I`pwd`/.. -I`pwd`/../.. -DIPFILTER_LOG
-O2" OBJ= modules); \
fi
/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686
make[2]: Entering directory
`/usr/src/kernels/2.6.18-274.12.1.el5-xen-i686'
CC [M]
/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686//linuxm.o
CC [M]
/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.o
/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.c:
In function 'ipf_newisn':
/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.c:191:
error: implicit declaration of function 'secure_tcp_sequence_number'
/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.c:
In function 'ipf_fastroute':
/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.c:548:
error: 'frdest_t' has no member named 'fd_ifp'
make[3]: ***
[/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686//ip_film.o]
Error 1
make[2]: ***
[_module_/root/tp/ip_fil5.1.0/Linux/Linux-2.6.18-274.12.1.el5xen-i686]
Error 2
make[2]: Leaving directory `/usr/src/kernels/2.6.18-274.12.1.el5-xen-i686'
make[1]: *** [ipflkm] Error 2
make[1]: Leaving directory `/root/tp/ip_fil5.1.0/Linux'


Help is appreciated
I can also try a more recent 2.6 guest kernel on another distribution.
The legacy rhel4,5 guests are just easier to install.

Thanks !
Pierre-Philipp