netfilter: conntrack: allow insertion clash of gre protocol

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2220944 Upstream Status: mainline / net tree

We have reports of intermittent packet loss due to ipv6 fragment reassembly timeout. The ipv6 fragments are encapsualated inside a gre tunnel. If the newly-encapsulated packets get picked up in parallel on different CPUs, then gre packets that arrived right before the first packet got committed will be dropped because both packets have an new/unconfirmed entry associated with them.

Enable clash resolution, this tells the existing code to set skb->_nfct of the clashed packet to the already-committed conntrack entry instead of dropping the packet.

Signed-off-by: Florian Westphal fwestpha@redhat.com