Rework ipfw dynamic states implementation to be lockless on fast path.


o added struct ipfw_dyn_info that keeps all needed for ipfw_chk and for dynamic states implementation information;
o added DYN_LOOKUP_NEEDED() macro that can be used to determine the need of new lookup of dynamic states;
o ipfw_dyn_rule now becomes obsolete. Currently it is used to pass information from kernel to userland only.
o IPv4 and IPv6 states now described by different structures dyn_ipv4_state and dyn_ipv6_state;
o IPv6 scope zones support is added;
o ipfw(4) now depends on Concurrency Kit;
o states are linked with "entry" field using CK_SLIST. This allows lockless lookup and protected by mutex modifications.
o the "expired" SLIST field is used for states expiring.
o struct dyn_data is used to keep generic information for both IPv4 and IPv6;
o struct dyn_parent is used to keep O_LIMIT_PARENT information;
o IPv4 and IPv6 states are stored in different hash tables;
o O_LIMIT_PARENT states now are kept separately from O_LIMIT and O_KEEP_STATE states;
o per-cpu dyn_hp pointers are used to implement hazard pointers and they prevent freeing states that are locklessly used by lookup threads;
o mutexes to protect modification of lists in hash tables now kept in separate arrays. 65535 limit to maximum number of hash buckets now
o Separate lookup and install functions added for IPv4 and IPv6 states and for parent states.
o By default the Jenkins hash function is now used.

Obtained from: Yandex LLC
MFC after: 42 days
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D12685
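
The scheme the commit message describes (lockless list lookup, per-CPU hazard pointers, and an "expired" list for deferred freeing) can be sketched in portable C11 as follows. This is an added example, not code from the FreeBSD commit: `struct state`, `bucket`, `bucket_ver`, `hp`, `NCPU` and all function names are hypothetical, and the per-bucket version counter and the single bucket without its mutex are assumptions of the sketch.

```c
#include <stdatomic.h>
#include <stdlib.h>
#define NCPU 2                            /* assumed number of lookup CPUs */
struct state {                            /* hypothetical stand-in for a state */
    unsigned key;
    _Atomic(struct state *) entry;        /* bucket link, read without a lock */
    struct state *expired;                /* link on the deferred-free list */
};
static _Atomic(struct state *) bucket;    /* one hash bucket */
static atomic_uint bucket_ver;            /* bumped on each unlink (assumed) */
static _Atomic(struct state *) hp[NCPU];  /* per-CPU hazard pointers */
static struct state *expired_head;        /* unlinked, maybe still in use */
struct state *add(unsigned key) {         /* writer: bucket mutex held */
    struct state *s = calloc(1, sizeof(*s));
    if (s == NULL) return NULL;
    s->key = key;
    atomic_store(&s->entry, atomic_load(&bucket));
    atomic_store(&bucket, s);             /* publish only when fully linked */
    return s;
}
struct state *lookup(int cpu, unsigned key) {   /* lockless reader */
    struct state *s;
    for (;;) {
        unsigned v = atomic_load(&bucket_ver);
        for (s = atomic_load(&bucket); s != NULL; s = atomic_load(&s->entry)) {
            atomic_store(&hp[cpu], s);    /* publish before dereferencing s */
            if (atomic_load(&bucket_ver) != v) break;  /* unlink raced: retry */
            if (s->key == key) return s;  /* hp[cpu] keeps s from being freed */
        }
        if (s == NULL) { atomic_store(&hp[cpu], NULL); return NULL; }
    }
}
void release(int cpu) { atomic_store(&hp[cpu], NULL); }  /* reader is done */
void expire(struct state *s) {            /* writer: s is linked, mutex held */
    _Atomic(struct state *) *pp = &bucket;
    while (atomic_load(pp) != s) pp = &atomic_load(pp)->entry;
    atomic_store(pp, atomic_load(&s->entry));    /* unlink, keep s->entry */
    atomic_fetch_add(&bucket_ver, 1);
    s->expired = expired_head; expired_head = s; /* park, do not free yet */
}
int reclaim(void) {                       /* free states no CPU still uses */
    int freed = 0, i;
    struct state **pp = &expired_head, *s;
    while ((s = *pp) != NULL) {
        for (i = 0; i < NCPU && atomic_load(&hp[i]) != s; i++) continue;
        if (i < NCPU) pp = &s->expired;   /* a hazard pointer holds s: skip */
        else { *pp = s->expired; free(s); freed++; }
    }
    return freed;
}
```

A state that a reader obtained before it was expired stays allocated until that reader calls `release()`; only then does a later `reclaim()` pass free it.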