Hi,
The following batch contains Netfilter fixes for net:
1) Three patches to enhance conntrack selftests for resize and clash
resolution, from Florian Westphal.
2) Expand nft_concat_range.sh selftest to improve coverage from error
path, from Florian Westphal.
3) Hide clash bit to userspace from netlink dumps until there is a
good reason to expose, from Florian Westphal.
4) Revert notification for device registration/unregistration for
nftables basechains and flowtables, we decided to go for a better
way to handle this through the nfnetlink_hook infrastructure which
will come via nf-next, patch from Phil Sutter.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-25-07-17
Thanks.
----------------------------------------------------------------
The following changes since commit 7727ec1523d7973defa1dff8f9c0aad288d04008:
net: emaclite: Fix missing pointer increment in aligned_read() (2025-07-11 16:37:06 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-25-07-17
for you to fetch changes up to 2d72afb340657f03f7261e9243b44457a9228ac7:
netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (2025-07-17 11:23:33 +0200)
----------------------------------------------------------------
netfilter pull request 25-07-17
----------------------------------------------------------------
Florian Westphal (6):
selftests: netfilter: conntrack_resize.sh: extend resize test
selftests: netfilter: add conntrack clash resolution test case
selftests: netfilter: conntrack_resize.sh: also use udpclash tool
selftests: netfilter: nft_concat_range.sh: send packets to empty set
netfilter: nf_tables: hide clash bit from userspace
netfilter: nf_conntrack: fix crash due to removal of uninitialised entry
Phil Sutter (1):
Revert "netfilter: nf_tables: Add notifications for hook changes"
include/net/netfilter/nf_conntrack.h | 15 +-
include/net/netfilter/nf_tables.h | 5 -
include/uapi/linux/netfilter/nf_tables.h | 10 --
include/uapi/linux/netfilter/nfnetlink.h | 2 -
net/netfilter/nf_conntrack_core.c | 26 ++-
net/netfilter/nf_tables_api.c | 59 -------
net/netfilter/nf_tables_trace.c | 3 +
net/netfilter/nfnetlink.c | 1 -
net/netfilter/nft_chain_filter.c | 2 -
tools/testing/selftests/net/netfilter/.gitignore | 1 +
tools/testing/selftests/net/netfilter/Makefile | 3 +
.../selftests/net/netfilter/conntrack_clash.sh | 175 +++++++++++++++++++++
.../selftests/net/netfilter/conntrack_resize.sh | 97 +++++++++++-
.../selftests/net/netfilter/nft_concat_range.sh | 3 +
tools/testing/selftests/net/netfilter/udpclash.c | 158 +++++++++++++++++++
15 files changed, 468 insertions(+), 92 deletions(-)
create mode 100755 tools/testing/selftests/net/netfilter/conntrack_clash.sh
create mode 100644 tools/testing/selftests/net/netfilter/udpclash.c
