The flag is __x86_64__. Even though there are some other instances of
__i386__ in directories such as ipsend and ipsd, for the kernel module
to work only the following changes were required:
--- ipf-linux.h.orig 2009-05-06 12:04:39.000000000 -0700
+++ ipf-linux.h 2009-05-06 12:05:05.000000000 -0700
@@ -43,7 +43,7 @@
__u32 th_seq;
__u32 th_ack;
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(__vax__)
+ defined(__vax__) || defined(__x86_64__)
__u8 th_res:4;
__u8 th_off:4;
#else
@@ -67,7 +67,7 @@
struct ip {
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(__vax__)
+ defined(__vax__) || defined(__x86_64__)
__u8 ip_hl:4;
__u8 ip_v:4;
# else
I guess, if and whenever you'd like, you can roll it in with the other
changes to support 64-bit X86. I am going to test it a bit more over
time and will let you know if I find any other issues.
Thanks,
- Ashwani
On Wed, May 6, 2009 at 11:44 AM, Darren Reed <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In ip_fil4.1.30/Linux/ipf-linux.h, you will find this:
>
> struct ip {
> # if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
> ~ defined(__vax__)
> ~ __u8 ip_hl:4;
> ~ __u8 ip_v:4;
> # else
> ~ __u8 ip_v:4;
> ~ __u8 ip_hl:4;
> # endif
>
> .. it would appear the "#if" needs to be expanded upon?
>
> I don't know what your gcc is predefining.
>
> Darren
>
> Ashwani Wason wrote:
> | You are right and I should have seen that (byte ordering issue). How to
> fix it?
> |
> | - Ashwani
> |
> |
> |
> | On Mon, May 4, 2009 at 11:50 PM, Darren Reed <[email protected]>
> wrote:
> | > Version is 5... and I bet ip_hl is 4?
> | >
> | > Darren
> | >
> | > Ashwani Wason wrote:
> | >> BTW, the version number that shows up in the packets is 5 :)
> | >>
> | >> - Ashwani
> | >>
> | >>
> | >>
> | >> On Mon, May 4, 2009 at 9:07 AM, Ashwani Wason <[email protected]> wrote:
> | >>
> | >>> Darren,
> | >>>
> | >>> Using the good old-fashioned printf-based debugging "technique", the
> | >>> problem seems to be that the I/O netfilter hook callback in
> | >>> ip_fil_linux.c is unable to recognize the packet version:
> | >>>
> | >>> sk = *skbp;
> | >>> ip = MTOD(sk, ip_t *);
> | >>> if (ip->ip_v == 4) {
> | >>> hlen = ip->ip_hl << 2;
> | >>> ip->ip_len = ntohs(ip->ip_len);
> | >>> ip->ip_off = ntohs(ip->ip_off);
> | >>> #ifdef USE_INET6
> | >>> } else if (ip->ip_v == 6) {
> | >>> hlen = sizeof(ip6_t);
> | >>> #endif
> | >>> } else {
> | >>> printk("Dropping unknown IP version packet.\n");
> | >>> return NF_DROP;
> | >>> }
> | >>>
> | >>> I see the "Dropping unknown IP version packet" message pop-up for
> | >>> every incoming/outgoing packet. This is so basic that any general
> | >>> problem would have been caught in your testing - I am not sure if it
> | >>> is related to 32-bit/64-bit. (Not sure if you test IP filter in 64-bit
> | >>> mode on Linux.)
> | >>>
> | >>> - Ashwani
> | >>>
> | >>>
> | >>>
> | >>> On Fri, May 1, 2009 at 11:10 AM, Ashwani Wason <[email protected]>
> wrote:
> | >>>
> | >>>> Filed bug 2785189.
> | >>>>
> | >>>> - Ashwani
> | >>>>
> | >>>>
> | >>>>
> | >>>> On Fri, May 1, 2009 at 10:28 AM, Darren Reed
> <[email protected]> wrote:
> | >>>>
> | >>>>> Please make sure any bugs/issues/problems are recorded in source
> forge
> | >>>>> so that they can be tracked appropriately:
> | >>>>>
> | >>>>> https://sourceforge.net/tracker/?group_id=169098&atid=849053
> | >>>>>
> | >>>>> Darren
> | >>>>>
> | >>>>>
> | >>>>>
> | >>>>>
> | >>
> | >>
> | >
> | >
> |
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkoB2oIACgkQP7JIXtvLbFWL9gCfRMLbjozxxq5ys3IA9hYDz+Xk
> vFkAn07CmHEIxLW19fhIdE5WwosyRQGK
> =uESr
> -----END PGP SIGNATURE-----
>
>
