Author: ae
Date: Tue Mar 24 12:27:02 2020
New Revision: 359271
URL: https://svnweb.freebsd.org/changeset/base/359271

Log:
  Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy
  NAT instance.
  
  The NAT44 group of opcodes for IP_FW3 socket option is modern way
  to control NAT instances and this method can be used in future to
  switch from numeric to named NAT instances, like was done for ipfw
  tables.
  The IP_FW_NAT_DEL opcode is the last remnant of old ipfw_ctl control
  plane that doesn't support versioned operations. This interface will
  be retired soon.
  
  Reviewed by:  melifaro
  MFC after:    10 days
  Sponsored by: Yandex LLC

Modified:
  head/sbin/ipfw/ipfw2.c
  head/sbin/ipfw/ipfw2.h
  head/sbin/ipfw/nat.c

Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c      Tue Mar 24 07:08:39 2020        (r359270)
+++ head/sbin/ipfw/ipfw2.c      Tue Mar 24 12:27:02 2020        (r359271)
@@ -3328,13 +3328,7 @@ ipfw_delete(char *av[])
                        j = strtol(sep + 1, NULL, 10);
                av++;
                if (co.do_nat) {
-                       exitval = do_cmd(IP_FW_NAT_DEL, &i, sizeof i);
-                       if (exitval) {
-                               exitval = EX_UNAVAILABLE;
-                               if (co.do_quiet)
-                                       continue;
-                               warn("nat %u not available", i);
-                       }
+                       exitval = ipfw_delete_nat(i);
                } else if (co.do_pipe) {
                        exitval = ipfw_delete_pipe(co.do_pipe, i);
                } else {

Modified: head/sbin/ipfw/ipfw2.h
==============================================================================
--- head/sbin/ipfw/ipfw2.h      Tue Mar 24 07:08:39 2020        (r359270)
+++ head/sbin/ipfw/ipfw2.h      Tue Mar 24 12:27:02 2020        (r359271)
@@ -387,6 +387,7 @@ extern int resvd_set_number;
 /* first-level command handlers */
 void ipfw_add(char *av[]);
 void ipfw_show_nat(int ac, char **av);
+int ipfw_delete_nat(int i);
 void ipfw_config_pipe(int ac, char **av);
 void ipfw_config_nat(int ac, char **av);
 void ipfw_sets_handler(char *av[]);

Modified: head/sbin/ipfw/nat.c
==============================================================================
--- head/sbin/ipfw/nat.c        Tue Mar 24 07:08:39 2020        (r359270)
+++ head/sbin/ipfw/nat.c        Tue Mar 24 12:27:02 2020        (r359271)
@@ -939,6 +939,34 @@ ipfw_config_nat(int ac, char **av)
        }
 }
 
+static void
+nat_fill_ntlv(ipfw_obj_ntlv *ntlv, int i)
+{
+
+       ntlv->head.type = IPFW_TLV_EACTION_NAME(1); /* it doesn't matter */
+       ntlv->head.length = sizeof(ipfw_obj_ntlv);
+       ntlv->idx = 1;
+       ntlv->set = 0; /* not yet */
+       snprintf(ntlv->name, sizeof(ntlv->name), "%d", i);
+}
+
+int
+ipfw_delete_nat(int i)
+{
+       ipfw_obj_header oh;
+       int ret;
+
+       memset(&oh, 0, sizeof(oh));
+       nat_fill_ntlv(&oh.ntlv, i);
+       ret = do_set3(IP_FW_NAT44_DESTROY, &oh.opheader, sizeof(oh));
+       if (ret == -1) {
+               if (!co.do_quiet)
+                       warn("nat %u not available", i);
+               return (EX_UNAVAILABLE);
+       }
+       return (EX_OK);
+}
+
 struct nat_list_arg {
        uint16_t        cmd;
        int             is_all;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to