svn commit: r359648 - stable/12/sbin/ipfw

Mon Apr 6 06:34:46 UTC 2020

Author: ae
Date: Mon Apr  6 06:34:45 2020
New Revision: 359648
URL: https://svnweb.freebsd.org/changeset/base/359648

Log:
  MFC r359271:
    Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy
    NAT instance.
  
    The NAT44 group of opcodes for IP_FW3 socket option is modern way
    to control NAT instances and this method can be used in future to
    switch from numeric to named NAT instances, like was done for ipfw
    tables.
    The IP_FW_NAT_DEL opcode is the last remnant of old ipfw_ctl control
    plane that doesn't support versioned operations. This interface will
    be retired soon.

Modified:
  stable/12/sbin/ipfw/ipfw2.c
  stable/12/sbin/ipfw/ipfw2.h
  stable/12/sbin/ipfw/nat.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sbin/ipfw/ipfw2.c
==============================================================================

--- stable/12/sbin/ipfw/ipfw2.c	Mon Apr  6 05:48:58 2020	(r359647)
+++ stable/12/sbin/ipfw/ipfw2.c	Mon Apr  6 06:34:45 2020	(r359648)
@@ -3328,13 +3328,7 @@ ipfw_delete(char *av[])
 			j = strtol(sep + 1, NULL, 10);
 		av++;
 		if (co.do_nat) {
-			exitval = do_cmd(IP_FW_NAT_DEL, &i, sizeof i);
-			if (exitval) {
-				exitval = EX_UNAVAILABLE;
-				if (co.do_quiet)
-					continue;
-				warn("nat %u not available", i);
-			}
+			exitval = ipfw_delete_nat(i);
 		} else if (co.do_pipe) {
 			exitval = ipfw_delete_pipe(co.do_pipe, i);
 		} else {

Modified: stable/12/sbin/ipfw/ipfw2.h
==============================================================================
--- stable/12/sbin/ipfw/ipfw2.h	Mon Apr  6 05:48:58 2020	(r359647)
+++ stable/12/sbin/ipfw/ipfw2.h	Mon Apr  6 06:34:45 2020	(r359648)
@@ -386,6 +386,7 @@ extern int resvd_set_number;
 /* first-level command handlers */
 void ipfw_add(char *av[]);
 void ipfw_show_nat(int ac, char **av);
+int ipfw_delete_nat(int i);
 void ipfw_config_pipe(int ac, char **av);
 void ipfw_config_nat(int ac, char **av);
 void ipfw_sets_handler(char *av[]);

Modified: stable/12/sbin/ipfw/nat.c
==============================================================================
--- stable/12/sbin/ipfw/nat.c	Mon Apr  6 05:48:58 2020	(r359647)
+++ stable/12/sbin/ipfw/nat.c	Mon Apr  6 06:34:45 2020	(r359648)
@@ -931,6 +931,34 @@ ipfw_config_nat(int ac, char **av)
 	}
 }
 
+static void
+nat_fill_ntlv(ipfw_obj_ntlv *ntlv, int i)
+{
+
+	ntlv->head.type = IPFW_TLV_EACTION_NAME(1); /* it doesn't matter */
+	ntlv->head.length = sizeof(ipfw_obj_ntlv);
+	ntlv->idx = 1;
+	ntlv->set = 0; /* not yet */
+	snprintf(ntlv->name, sizeof(ntlv->name), "%d", i);
+}
+
+int
+ipfw_delete_nat(int i)
+{
+	ipfw_obj_header oh;
+	int ret;
+
+	memset(&oh, 0, sizeof(oh));
+	nat_fill_ntlv(&oh.ntlv, i);
+	ret = do_set3(IP_FW_NAT44_DESTROY, &oh.opheader, sizeof(oh));
+	if (ret == -1) {
+		if (!co.do_quiet)
+			warn("nat %u not available", i);
+		return (EX_UNAVAILABLE);
+	}
+	return (EX_OK);
+}
+
 struct nat_list_arg {
 	uint16_t	cmd;
 	int		is_all;
