Yes. The netfilter changes as of 2.4.17-pre7 have been:
o have mangle teable attach to all five hooks
(Brad Chapman & me)
o new match for SPI field in AH/ESP ipsec headers (broken1)
(Yon Uriarte)
o new ULOG target for high performance userspace packet logging (broken1)
(me)
o fix skb_headroom reallocation after destination change (your bug)
(Rusty Russell, Marc Boucher & me)
o fix REDIRECT handling of artificial TCP RST's generated by REJECT
(Marc Boucher)
o fix debugging code for ip_fw_compat.c
(Rusty Russell)
o fix bug when using REDIRECT and no IP address is attached to
an interface
(Lennert Buytenhek)
o add ip_queue (and QUEUE target) support for IPv6
(Fernando Anton & James Morris)
o fix printing of inner ICMP packet (if icmp in icmp errmsg) in LOG target
(Jozsef Kadlecsik)
o fix typo in errormessage of ipv6 MARK target
(Dave Jones)
o increase module usage count as soon as there are rules in iptables
(me)
o increase module usage count as soon as there are rules in ipchains
(me)
o increase module usage count as soon as there are rules in ipfwadm (broken2)
(Rusty Russell)
broken1: broken because the final kernel tree was strangely missing two
.c files which had been inside the patch
(davem and marcelo taking care of this)
broken2: broken because I was too lazy. Patch has appeared on lkml and is
submitted for kernel inclusion.
> Woo. :)
-- Live long and prosper - Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/