Subject: Re: ipfilter broken after recent src/sys/{,dist/ipf}/netinet changes
To: None <sigsegv@rambler.ru>
From: Markus W Kilbinger <kilbi@rad.rwth-aachen.de>
List: current-users
Date: 02/17/2005 15:26:56
>>>>> "sigsegv" == sigsegv  <sigsegv@rambler.ru> writes:

    >> Sorry for my inaccuracy: kernel _and_ complete userland is
    >> updated (last night), but not completely recompiled from
    >> scratch! Is the latter mandatory?

    sigsegv> You mean you updated src tree, built kernel and then
    sigsegv> simply copied kernel to / and rebooted?

No: I've updated complete src, update built/compiled (./build.sh ...
-u ...) kernel _and_ userland, installed both and rebooted then. So
both, kernel _and_ userland, should be in sync, but both are not built
from scratch.

    sigsegv> I don't think you need to recompile the entire userland,
    sigsegv> just the parts which interact with ipfilter and maybe
    sigsegv> install some headers.

So, that was my question: Did I miss something if not compiling from
scratch?

    sigsegv> I'm not a kernel developer so don't know much about it,
    sigsegv> but if you follow the instructions given in the relevant
    sigsegv> mail archive exactly to the letter and if you still have
    sigsegv> problems, then I guess kernel developers need to have a
    sigsegv> look at it.

A './build.sh ... -u ...' should have included all update instructions
and the problems I observe are really severe: Besides the not correctly
working ipnat, the falsely generated ipnat (response) packets seem to
confuse the whole intranet behind the router!

So, if anybody else can confirm these problems (that was my secondary
intention) I will send-pr.

Markus.