netfilter: conntrack: rebase to 5.19
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2111270
Upstream Status: All mainline in nf-next.git
Conflicts: Minor only, see patches for details

The upstream kernel carries a number of enhancements in the connection tracking module:
- Remove a few indirect calls.
- Remove the unconfirmed/dying list.
- Avoid allocation of ct->ext area if possible. Detect if userspace requested the "ecache" feature. In almost all cases, the extension allocation can then be avoided.
- Restrict a local_bh_disable/enable section to the "l7 helper (ftp, h323...) needed" case.
Improves the connections-per-second rate.
The first patch isn't related to netfilter but it avoids extra surgery on a few followup patches.

Bernard Zhao (1):
      netfilter: ctnetlink: remove useless type conversion to bool

Bill Wendling (1):
      netfilter: conntrack: use correct format characters

Eric Dumazet (1):
      net: align static siphash keys

Florian Westphal (38):
      netfilter: ctnetlink: remove expired entries first
      netfilter: ctnetlink: add and use a helper for mark parsing
      netfilter: ctnetlink: allow to filter dump by status bits
      netfilter: nf_conntrack_netbios_ns: fix helper module alias
      netfilter: conntrack: revisit gc autotuning
      netfilter: conntrack: don't refresh sctp entries in closed state
      netfilter: conntrack: pptp: use single option structure
      netfilter: ecache: remove one indent level
      netfilter: ecache: remove another indent level
      netfilter: ecache: add common helper for nf_conntrack_eventmask_report
      netfilter: ecache: prepare for event notifier merge
      netfilter: ecache: remove nf_exp_event_notifier structure
      netfilter: ecache: don't use nf_conn spinlock
      netfilter: cttimeout: use option structure
      netfilter: ctnetlink: use dump structure instead of raw args
      netfilter: ecache: move to separate structure
      netfilter: conntrack: split inner loop of list dumping to own function
      netfilter: ecache: use dedicated list for event redelivery
      netfilter: conntrack: include ecache dying list in dumps
      netfilter: conntrack: remove the percpu dying list
      netfilter: cttimeout: decouple unlink and free on netns destruction
      netfilter: remove nf_ct_unconfirmed_destroy helper
      netfilter: extensions: introduce extension genid count
      netfilter: cttimeout: decouple unlink and free on netns destruction
      netfilter: conntrack: remove __nf_ct_unconfirmed_destroy
      netfilter: conntrack: remove unconfirmed list
      netfilter: conntrack: avoid unconditional local_bh_disable
      netfilter: nfnetlink: allow to detect if ctnetlink listeners exist
      netfilter: conntrack: un-inline nf_ct_ecache_ext_add
      netfilter: conntrack: add nf_conntrack_events autodetect mode
      netfilter: prefer extension check to pointer check
      netfilter: conntrack: remove pr_debug callsites from tcp tracker
      netfilter: nfnetlink: fix warn in nfnetlink_unbind
      netfilter: cttimeout: fix slab-out-of-bounds read in cttimeout_net_exit
      netfilter: cttimeout: fix slab-out-of-bounds read typo in cttimeout_net_exit
      netfilter: nf_conntrack: add missing __rcu annotations
      netfilter: nf_conntrack: use rcu accessors where needed
      netfilter: h323: merge nat hook pointers into one

Jackie Liu (1):
      netfilter: conntrack: use fallthrough to cleanup

Kees Cook (1):
      netfilter: conntrack: Use memset_startat() to zero struct nf_conn

Pablo Neira Ayuso (2):
      netfilter: ctnetlink: missing counters and timestamp in nfnetlink_{log,queue}
      netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*()

Stephen Rothwell (1):
      netfilter: ctnetlink: fix up for "netfilter: conntrack: remove unconfirmed list"

luo penghao (1):
      netfilter: conntrack: Remove useless assignment statements

Signed-off-by: Florian Westphal <fwestpha@redhat.com>