Rework if_ipsec(4) to use epoch(9) instead of rmlock.
- use CK_LIST and FNV hash to keep chains of softc;
- read access to softc is protected by epoch();
- write access is protected by ipsec_ioctl_sx. Changing of softc fields is allowed only when softc is unlinked from CK_LIST chains.
- linking/unlinking of softc is allowed only when ipsec_ioctl_sx is exclusive locked.
- the plain LIST of all softc is replaced by hash table that uses ingress address of tunnels as a key.
- added support for appearing/disappearing of ingress address handling. Now it is allowed configure non-local ingress IP address, and thus the problem with if_ipsec(4) configuration that happens on boot, when ingress address is not yet configured, is solved.
MFC after: 1 month
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D17190