authorAndrey V. Elsukov <ae@FreeBSD.org>2019-03-19 10:57:03 +0000
committerAndrey V. Elsukov <ae@FreeBSD.org>2019-03-19 10:57:03 +0000
commitd18c1f26a4bbd5c3871bb67660a5899d28f5efa5 (patch)
tree7b90ad4e40d767c5d50b9b23303d7b4648229ae1 /sys/netinet6/ip_fw_nat64.h
parentc5be49da01dc36e7e681026bd1a9b271929d2bd7 (diff)
Reapply r345274 with build fixes for 32-bit architectures.
Update NAT64LSN implementation: o most of data structures and relations were modified to be able to support a large number of translation states. Now each supported protocol can use the full ports range. Ports groups now belong to IPv4 alias addresses, not hosts. Each ports group can keep several states chunks. This is controlled with the new `states_chunks` config option. States chunks allow having several translation states for a single alias address and port, but for different destination addresses. o by default all hash tables now use jenkins hash. o ConcurrencyKit and epoch(9) are used to make NAT64LSN lockless on fast path. o one NAT64LSN instance can now be used to handle several IPv6 prefixes; the special prefix "::" value should be used for this purpose when the instance is created. o due to modified internal data structures relations, the socket opcode that does states listing was changed. Obtained from: Yandex LLC MFC after: 1 month Sponsored by: Yandex LLC
Notes
Notes: svn path=/head/; revision=345293
Diffstat (limited to 'sys/netinet6/ip_fw_nat64.h')
-rw-r--r--sys/netinet6/ip_fw_nat64.h45
1 files changed, 37 insertions, 8 deletions
diff --git a/sys/netinet6/ip_fw_nat64.h b/sys/netinet6/ip_fw_nat64.h
index 47c0a70d167f..40e3441132e1 100644
--- a/sys/netinet6/ip_fw_nat64.h
+++ b/sys/netinet6/ip_fw_nat64.h
@@ -122,7 +122,7 @@ typedef struct _ipfw_nat64clat_cfg {
/*
* NAT64LSN default configuration values
*/
-#define NAT64LSN_MAX_PORTS 2048 /* Max number of ports per host */
+#define NAT64LSN_MAX_PORTS 2048 /* Unused */
#define NAT64LSN_JMAXLEN 2048 /* Max outstanding requests. */
#define NAT64LSN_TCP_SYN_AGE 10 /* State's TTL after SYN received. */
#define NAT64LSN_TCP_EST_AGE (2 * 3600) /* TTL for established connection */
@@ -135,16 +135,20 @@ typedef struct _ipfw_nat64clat_cfg {
typedef struct _ipfw_nat64lsn_cfg {
char name[64]; /* NAT name */
uint32_t flags;
- uint32_t max_ports; /* Max ports per client */
- uint32_t agg_prefix_len; /* Prefix length to count */
- uint32_t agg_prefix_max; /* Max hosts per agg prefix */
+
+ uint32_t max_ports; /* Unused */
+ uint32_t agg_prefix_len; /* Unused */
+ uint32_t agg_prefix_max; /* Unused */
+
struct in_addr prefix4;
uint16_t plen4; /* Prefix length */
uint16_t plen6; /* Prefix length */
struct in6_addr prefix6; /* NAT64 prefix */
uint32_t jmaxlen; /* Max jobqueue length */
- uint16_t min_port; /* Min port group # to use */
- uint16_t max_port; /* Max port group # to use */
+
+ uint16_t min_port; /* Unused */
+ uint16_t max_port; /* Unused */
+
uint16_t nh_delete_delay;/* Stale host delete delay */
uint16_t pg_delete_delay;/* Stale portgroup delete delay */
uint16_t st_syn_ttl; /* TCP syn expire */
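Review bot: The bare `/* Unused */` on `max_ports`, `agg_prefix_len`, `agg_prefix_max`, `min_port` and `max_port` does not tell an operator that limits they configured appear to be no longer applied. The old comments described these as per-client and per-prefix bounds, so an existing configuration that relied on them to cap how much translation state one host can consume would lose that cap silently. The comments should say that the value is ignored and why the field remains, for example `uint32_t max_ports; /* Unused, value ignored; kept so the struct layout does not change */`, if that is indeed the reason. Whether the kernel or ipfw(8) warns on a non-zero value is not visible here, and the struct continues past both ends of the hunk.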
@@ -153,7 +157,7 @@ typedef struct _ipfw_nat64lsn_cfg {
uint16_t st_udp_ttl; /* UDP expire */
uint16_t st_icmp_ttl; /* ICMP expire */
uint8_t set; /* Named instance set [0..31] */
- uint8_t spare;
+ uint8_t states_chunks; /* Number of states chunks per PG */
} ipfw_nat64lsn_cfg;
typedef struct _ipfw_nat64lsn_state {
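Review bot: `states_chunks` takes over the byte that used to be `spare`, and its comment gives neither the accepted range nor what a value of 0 means. A request built by an older userland that did not zero the structure would now deliver whatever was in that byte as a chunk count, and the count scales how many states a ports group can hold. The field comment should carry the contract, along the lines of `uint8_t states_chunks; /* States chunks per PG; valid: <range>, 0 = <meaning> */`, with the placeholders filled from the kernel-side check. That check is outside this header, so confirm it rejects out-of-range values instead of using them as given.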
@@ -177,5 +181,30 @@ typedef struct _ipfw_nat64lsn_stg {
uint32_t spare2;
} ipfw_nat64lsn_stg;
-#endif /* _NETINET6_IP_FW_NAT64_H_ */
+typedef struct _ipfw_nat64lsn_state_v1 {
+ struct in6_addr host6; /* Bound IPv6 host */
+ struct in_addr daddr; /* Remote IPv4 address */
+ uint16_t dport; /* Remote destination port */
+ uint16_t aport; /* Local alias port */
+ uint16_t sport; /* Source port */
+ uint16_t spare;
+ uint16_t idle; /* Last used time */
+ uint8_t flags; /* State flags */
+ uint8_t proto; /* protocol */
+} ipfw_nat64lsn_state_v1;
+typedef struct _ipfw_nat64lsn_stg_v1 {
+ union nat64lsn_pgidx {
+ uint64_t index;
+ struct {
+ uint8_t chunk; /* states chunk */
+ uint8_t proto; /* protocol */
+ uint16_t port; /* base port */
+ in_addr_t addr; /* alias address */
+ };
+ } next; /* next state index */
+ struct in_addr alias4; /* IPv4 alias address */
+ uint32_t count; /* Number of states */
+} ipfw_nat64lsn_stg_v1;
+
+#endif /* _NETINET6_IP_FW_NAT64_H_ */
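Review bot: `union nat64lsn_pgidx next` in `ipfw_nat64lsn_stg_v1` is documented only as `/* next state index */`, although it looks like a listing cursor that is handed to userland and presumably sent back on the following request. If so, the kernel has to treat `chunk`, `proto`, `port` and `addr` as untrusted on the way back in and bounds-check each one before using it as a lookup key; that code is not part of this header. A comment on the union should state this, for example `/* Opaque cursor: returned by the kernel, passed back unmodified; validated on input */`. The `index` view aliases the anonymous struct, so a compile-time check such as `_Static_assert(sizeof(union nat64lsn_pgidx) == sizeof(uint64_t), "pgidx layout");` would pin the layout. It is also worth confirming that `spare` in `ipfw_nat64lsn_state_v1` is zeroed before the structure is copied out.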