4.19.y stable request: nat soft lockup fix

Sasha, Greg,

Could you queue following two commits for 4.19.y tree?

6ed5943f8735e2b778d92ea4d9805c0a1d89bc2b netfilter: nat: remove l4 protocol port rovers

a504b703bb1da526a01593da0e4be2af9d9f5fa8 netfilter: nat: limit port clash resolution attempts

This resolves softlockup when most of the ephemeral ports are in use.

Its also needed on older kernels but unfortunately they won't apply as-is. We will try to get modified backports for older releases and forward them to stable@ later.

Thanks, Florian