Well, I "solved" the problem.  Turns out, this has been solved before!
I ended up using the low tech, non-complicated method of debugging
known as print statements.  ipfilter thought all packets were IP
version 5, and was dropping them all on the floor.  When I googled for it,
I came up with this link
http://www.mail-archive.com/[email protected]/msg08007.html,
a post by Ashwani Wason.  The post said there were *two* places the
ifdef needed to have || defined(__x86_64__) added, but only the first
one in Linux/ipf-linux.h line 55 was added for the ipftcphdr struct.
It is also necessary on line 74 to add the same || defined(__x86_64)
for the ip struct.  With the patch I posted before, and the fix from
Ashwani, I now have ipfilter on a RHEL 5.4 machine running kernel
version 2.6.18-164.11.

I now realize ipfilter is moving onto a newer version, and in fact, has
release candidates out, but I'd still appreciate it if we could either
use the patch from my previous message for get_random_int
functionality in slightly older kernels (the standard ones for RHEL as
of right now!), or just remove the port randomization if the kernel
version is too old, so the 4.1.xx branches can be built under RHEL.
Try as we might to convince the government to let us use our own
favorite flavors of Linux or other unix like OSs, they won't
budge... It's Solaris, RHEL, or Windows (for the only
non-unix-like-os)....(I like FreeBSD and Ubuntu myself...).

Anyhow, we will be using the patch and the fix for our customer's
system as we feel it to be sufficiently tested and functional, and of
course, it lets us maintain only 1 baseline :)

Thanks for all the work on ipFilter!  I'll be setting up my FreeBSD
7.0 machine with it shortly :)

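Added example (not part of the original post and not ipfilter's code): a minimal C illustration of why selecting the wrong bit-field order for the IP header makes every IPv4 packet read as "version 5", which is the header-length nibble. The struct and function names are constructed for this sketch, and it assumes GCC-style bit-field allocation, where the first declared field takes the low-order bits on little-endian targets.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field order that is correct on little-endian ABIs (x86, x86_64). */
struct hdr_le_order { unsigned int hl : 4; unsigned int v : 4; };
/* Field order meant for big-endian ABIs; what a build gets when the
 * architecture is missing from the #if that selects the layout. */
struct hdr_be_order { unsigned int v : 4; unsigned int hl : 4; };

int host_is_little_endian(void) {
    uint16_t probe = 1;
    uint8_t low;
    memcpy(&low, &probe, 1);
    return low == 1;
}

/* Overlay the first header byte on each layout and read the version. */
int version_le_order(uint8_t first_byte) {
    struct hdr_le_order h;
    memset(&h, 0, sizeof h);
    memcpy(&h, &first_byte, 1);
    return (int)h.v;
}

int version_be_order(uint8_t first_byte) {
    struct hdr_be_order h;
    memset(&h, 0, sizeof h);
    memcpy(&h, &first_byte, 1);
    return (int)h.v;
}

/* Shift-based read: independent of bit-field layout and of #ifdef lists. */
int version_portable(uint8_t first_byte) { return first_byte >> 4; }

/* A filter that only passes IPv4 drops everything when the read is wrong. */
int filter_accepts(int version) { return version == 4; }

int main(void) {
    /* Constructed sample: version 4, header length 5 words (no options). */
    uint8_t b = 0x45;
    printf("little-endian host: %d\n", host_is_little_endian());
    printf("le-order struct:  v=%d accept=%d\n",
           version_le_order(b), filter_accepts(version_le_order(b)));
    printf("be-order struct:  v=%d accept=%d\n",
           version_be_order(b), filter_accepts(version_be_order(b)));
    printf("portable shift:   v=%d accept=%d\n",
           version_portable(b), filter_accepts(version_portable(b)));
    return 0;
}
```

Because the failure is a drop of all traffic rather than a pass, it shows up immediately; a sanity check on a known header byte at module load would catch the same mismatch on any architecture missing from the #if.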