netfilter: conntrack: switch to siphash and include zone id in hash again
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2030759 Conflicts: cherry-picks Tested: selftest scripts included in this mr
Make following changes:
- include the zone id in the conntrack hash value again. Without this, hash chains can grow up to 64k in size if tuples overlap.
- introduce an internal upperlimit on the hash chain size. Inserts fail if bucket is too large. Also add stat counter for this.
- replace use of jhash with siphash.
- make udp flows assured only once the udp "connection" is treated as a udp stream (as opposed to say, a dns query).
Signed-off-by: Florian Westphal fwestpha@redhat.com