The following patchset contains Netfilter changes for *net-next*: 1) Don't respond to ICMP_UNREACH errors with another ICMP_UNREACH error. 2) Support fetching the current bridge ethernet address. This allows a more flexible approach to packet redirection on bridges without need to use hardcoded addresses. From Fernando Fernandez Mancera. 3) Zap a few no-longer needed conditionals from ipvs packet path and convert to READ/WRITE_ONCE to avoid KCSAN warnings. From Zhang Tengfei. 4) Remove a no-longer-used macro argument in ipset, from Zhen Ni. Please, pull these changes from: The following changes since commit 5adf6f2b9972dbb69f4dd11bae52ba251c64ecb7: Merge branch 'ipv4-icmp-fix-source-ip-derivation-in-presence-of-vrfs' (2025-09-11 12:22:40 +0200) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-25-09-11 for you to fetch changes up to db99b2f2b3e2cd8227ac9990ca4a8a31a1e95e56: netfilter: nf_reject: don't reply to icmp error messages (2025-09-11 15:40:55 +0200) ---------------------------------------------------------------- netfilter pull request nf-next-25-09-11 ---------------------------------------------------------------- Andres Urian Florez (1): selftest:net: fixed spelling mistakes Fernando Fernandez Mancera (1): netfilter: nft_meta_bridge: introduce NFT_META_BRI_IIFHWADDR support Florian Westphal (1): netfilter: nf_reject: don't reply to icmp error messages Zhang Tengfei (1): ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable Zhen Ni (1): netfilter: ipset: Remove unused htable_bits in macro ahash_region include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/bridge/netfilter/nft_meta_bridge.c | 11 +++++++++ net/ipv4/netfilter/nf_reject_ipv4.c | 25 ++++++++++++++++++++ net/ipv6/netfilter/nf_reject_ipv6.c | 30 ++++++++++++++++++++++++ net/netfilter/ipset/ip_set_hash_gen.h | 8 +++---- net/netfilter/ipvs/ip_vs_conn.c | 4 ++-- net/netfilter/ipvs/ip_vs_core.c | 11 ++++----- net/netfilter/ipvs/ip_vs_ctl.c | 6 ++--- net/netfilter/ipvs/ip_vs_est.c | 16 ++++++------- tools/testing/selftests/net/netfilter/nft_nat.sh | 4 ++-- 10 files changed, 91 insertions(+), 26 deletions(-)
