This series removes the unconfirmed and dying percpu lists.

Dying list is replaced by pernet list, only used when reliable event
delivery mode was requested.

Unconfirmed list is replaced by a generation id for the conntrack
extensions, to detect when pointers to external objects (timeout policy,
helper, ...) have gone stale.

An alternative to the genid would be to always take references on
such external objects, let me know if that is the preferred solution.

Changes in v4:
- drop patch to move to global event_cb in netlink
- this allows to drop the preceding nfnl patch
- drop cttimeout rcu patch, it's not required
- amend commit message in patch 3 to mention need to move IPS_CONFIRMED
  bit setting.

Changes in v3:
- fix build bugs reported by kbuild robot
- add patch #16

Florian Westphal (10):
  netfilter: ecache: use dedicated list for event redelivery
  netfilter: conntrack: include ecache dying list in dumps
  netfilter: conntrack: remove the percpu dying list
  netfilter: cttimeout: decouple unlink and free on netns destruction
  netfilter: remove nf_ct_unconfirmed_destroy helper
  netfilter: extensions: introduce extension genid count
  netfilter: cttimeout: decouple unlink and free on netns destruction
  netfilter: conntrack: remove __nf_ct_unconfirmed_destroy
  netfilter: conntrack: remove unconfirmed list
  netfilter: conntrack: avoid unconditional local_bh_disable

 include/net/netfilter/nf_conntrack.h         |   7 +-
 include/net/netfilter/nf_conntrack_ecache.h  |   4 +-
 include/net/netfilter/nf_conntrack_extend.h  |  31 +--
 include/net/netfilter/nf_conntrack_labels.h  |  10 +-
 include/net/netfilter/nf_conntrack_timeout.h |   8 -
 include/net/netns/conntrack.h                |   7 -
 net/netfilter/nf_conntrack_core.c            | 230 ++++++++-----------
 net/netfilter/nf_conntrack_ecache.c          | 127 +++++-----
 net/netfilter/nf_conntrack_extend.c          |  32 ++-
 net/netfilter/nf_conntrack_helper.c          |   5 -
 net/netfilter/nf_conntrack_netlink.c         |  76 +++---
 net/netfilter/nfnetlink_cttimeout.c          |  47 +++-
 12 files changed, 298 insertions(+), 286 deletions(-)

-- 
2.35.1
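
Added example, not part of the original message or of the kernel patches: a userspace C model of the generation-id idea the cover letter describes, where a borrowed pointer is treated as stale once a global counter has moved on. All names (`entry`, `ext_genid`, `policy_unlink`, ...) are hypothetical, and the rule that only unconfirmed entries need the check is an assumption of this model.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not the kernel's. */
struct timeout_policy { unsigned int seconds; };

struct entry {
    int confirmed;                  /* 1 once visible to table walkers */
    unsigned int gen_id;            /* generation when pointer was stored */
    struct timeout_policy *timeout; /* borrowed pointer, no reference held */
};

static atomic_uint ext_genid = 1;

static void entry_init(struct entry *e, struct timeout_policy *p)
{
    e->confirmed = 0;
    e->gen_id = atomic_load(&ext_genid);
    e->timeout = p;
}

/* Return the borrowed pointer, or NULL if it may have gone stale. */
static struct timeout_policy *entry_timeout(const struct entry *e)
{
    /* Model assumption: confirmed entries are fixed up by the owner's walk. */
    if (!e->confirmed && e->gen_id != atomic_load(&ext_genid))
        return NULL;
    return e->timeout;
}

/* Owner-side teardown, run before the policy object is freed. */
static void policy_unlink(struct entry *tbl, size_t n, struct timeout_policy *p)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].confirmed && tbl[i].timeout == p)
            tbl[i].timeout = NULL;
    atomic_fetch_add(&ext_genid, 1); /* invalidates all unconfirmed entries */
}

int main(void)
{
    struct timeout_policy p = { 30 };
    struct entry e[2];
    entry_init(&e[0], &p);
    entry_init(&e[1], &p);
    e[0].confirmed = 1;
    policy_unlink(e, 2, &p);
    printf("%d %d\n", entry_timeout(&e[0]) == NULL, entry_timeout(&e[1]) == NULL);
}
```

In this model the bump is coarse: an unconfirmed entry that borrowed a different, still-live object also reads back as NULL afterwards, which is the price of not taking references.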