The net_timeout structure is documented to exist because of behavior
that is no longer true, i.e. that `k_delayed_work_submit()` supports
only delays up to INT32_MAX milliseconds. Nonetheless, use of 32-bit
timestamps within the work handlers mean the restriction is still
present.
This infrastructure is currently used for two timers with long
durations:
* address for IPv6 addresses
* prefix for IPv6 prefixes
The handling of rollover was subtly different between these: address
wraps reset the start time while prefix wraps did not.
The calculation of remaining time in ipv6_nbr was incorrect when the
original requested time in seconds was a multiple of
NET_TIMEOUT_MAX_VALUE: the remainder value would be zero while the
wrap counter was positive, causing the calculation to indicate no time
remained.
The maximum value was set to allow a 100 ms latency between elapse of
the deadline and assessment of a given timer, but detection of
rollover assumed that the captured time in the work handler was
precisely the expected deadline, which is unlikely to be true. Use of
the shared system work queue also risks observed latency exceeding 100
ms. These calculations could produce delays to next event that
exceeded the maximum delay, which introduced special cases.
Refactor so all operations that use this structure are encapsulated
into API that is documented and has a full-coverage unit test. Switch
to the standard mechanism of detecting completed deadlines by
calculating the signed difference between the deadline and the current
time, which eliminates some special cases.
Uniformly rely on the scanning the set of timers to determine the next
deadline, rather than assuming that the most recent update is always
next.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>