IPFilter 4.1.33 with backward compatibility

[Darren Reed <darrenr%reed.wattle.id.au@localhost>]

With every update ipfilter in current, there's always
a request to have the changes back ported that gets
shelved because of compatibility issues. The support
to deal with that has always been there, I've just
never done anything to make it happen.

So I'd appreciate it if a couple of volunteers could
download the code at the link below and either update
their LKM with one built from it or update their kernel
source and give it a go. If you're going to build a
static kernel, you'll need to ensure that all of the
ipfilter kernel bits all get built with "-DIPFILTER_COMPAT=1".
Eventually, this will need to go into opt_ipfilter.h.

http://coombs.anu.edu.au/~avalon/ipf41c.tgz

What you should see is something like this:
excalibur# dmesg | tail -3
IP Filter: loaded into slot 44
IP Filter: v4.1.33 initialized.  Default = pass all, Logging = enabled
LKM 'IP Filter: v4.1.33': forced load, skipping compatibility checks
excalibur# modstat
Type    Id   Offset Loadaddr Size Info     Rev Module Name
DEV       0  -1/44  cbba0000 0094 cbbc0e40   2 IP Filter: v4.1.33
excalibur# ipf -V
ipf: IP Filter: v4.1.24 (396)
Kernel: IP Filter: v4.1.24
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x87

.. yes, "ipf -V" is displaying correct information,
it is just the kernel that is lieing for compat. reasons.

One word of caution: compatibility with IPFilter versions
prior to 4.1.14 may be limited because programs such as
ipfstat were still using /dev/kmem to get live information
rather than ioctls.

Darren