};
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
-@@ -901,6 +901,9 @@ static unsigned int early_drop_list(stru
+@@ -974,6 +974,9 @@ static unsigned int early_drop_list(stru
hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) {
tmp = nf_ct_tuplehash_to_ctrack(h);
if (nf_ct_is_expired(tmp)) {
nf_ct_gc_expired(tmp);
continue;
-@@ -978,6 +981,18 @@ static bool gc_worker_can_early_drop(con
+@@ -1051,6 +1054,18 @@ static bool gc_worker_can_early_drop(con
return false;
}
static void gc_worker(struct work_struct *work)
{
unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
-@@ -1014,6 +1029,11 @@ static void gc_worker(struct work_struct
+@@ -1087,6 +1102,11 @@ static void gc_worker(struct work_struct
tmp = nf_ct_tuplehash_to_ctrack(h);
scanned++;
expired_count++;
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
-@@ -1120,6 +1120,14 @@ static const struct nla_policy ct_nla_po
+@@ -1123,6 +1123,14 @@ static const struct nla_policy ct_nla_po
.len = NF_CT_LABELS_MAX_SIZE },
};
static int ctnetlink_flush_conntrack(struct net *net,
const struct nlattr * const cda[],
u32 portid, int report)
-@@ -1132,7 +1140,7 @@ static int ctnetlink_flush_conntrack(str
+@@ -1135,7 +1143,7 @@ static int ctnetlink_flush_conntrack(str
return PTR_ERR(filter);
}
portid, report);
kfree(filter);
-@@ -1178,6 +1186,11 @@ static int ctnetlink_del_conntrack(struc
+@@ -1181,6 +1189,11 @@ static int ctnetlink_del_conntrack(struc
ct = nf_ct_tuplehash_to_ctrack(h);
+ }
+
if (cda[CTA_ID]) {
- u_int32_t id = ntohl(nla_get_be32(cda[CTA_ID]));
- if (id != (u32)(unsigned long)ct) {
+ __be32 id = nla_get_be32(cda[CTA_ID]);
+
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -305,6 +305,9 @@ static bool tcp_invert_tuple(struct nf_c