I think we want to do this conversion in libpfctl, otherwise the last_active field in pfctl_eth_rule never gets populated.
Although arguably if the last_active_timestamp and last_active are just the same value, only different types there may not be a lot of utility in keeping them both, and maybe we should only keep a time_t last_active in struct pfctl_eth_rule.

ipfw does a check to see if the time_uptime changed before it does the write. (That was introduced in 7e767c791f65f8d07bf99ce1d33d7f3e36e269d5).

I wonder if it's worth doing that as well. time_uptime is only going to change once a second, and we can get a lot of packets pass through in a second. I'm not clear on the details of how the CPU cache will deal with this, but it's certainly something we should try to benchmark.

Would it be easier to use time_second instead of time_uptime plus the boottime? time(9) describes that as 'The time_second variable is the system's “wall time” clock to the second.'

this will be terrible for peformance. branching on time_uptime being different is probably tolerable for the time being, but preferably it would get sorted out to be per-cpu to avoid any stores to the shared area.

this needs to use atomic_store_int to save the value and atomic_load_int to read time_uptime. Bugs of this sort are all over the kernel right now and perhaps it would make sense to convert time_uptime to an opaque time which causes a compilation failure when read without a proper accessor.

I actually had intended to remove the last_active field from the rules structs, which is why this code just uses a stack var. I'll fix that.

I also agree that branching is unwanted here. I've been toying with the idea of the rule timestamp update being an asynchronous task since the resolution is only one second. The rule / state match would only need to add the rule address to a collection of rules that need updating, and the async task would do the actual work of updating the rules. How does that idea strike you?

Probably, I think we only used time_uptime because ipfw already did. I'll make this change.

I'm pretty sure that any async mechanism you'd use is going to be (a lot) more heavyweight than the branch, or maintaining per-CPU values.

The per-CPU values are almost certainly the way to go. We'd trade memory (but not a whole lot of it) for cache performance, and reading the rules is a relatively rare operation, so that being infinitesimally slower is not an issue.

you can easily allocate it with uma_zalloc_pcpu. then you can blindly store it to your per-cpu var.

I'd be tempted to just initialise *__ts to 0 and then remove the cpu == 0 check.

I don't think it's worth doing this check now that it's a per-cpu value. We can just assign it unconditionally.

That should probably be '#include <vm/uma.h>` and be lower down in the include list.

I don't think we need this M_ZERO.

#include <sys/types.h> would be better, I think.
We'd usually avoid including headers starting with _.

Still needs cleanup.