authorAndrey V. Elsukov <ae@FreeBSD.org>2020-03-24 12:27:02 +0000
committerAndrey V. Elsukov <ae@FreeBSD.org>2020-03-24 12:27:02 +0000
commitdb1102f2131c78b6f93a746386bbe88da6df8c84 (patch)
treed4476efcc40054422668aeef06b9b54be9c5df4f /sbin/ipfw
parent8daefe0081fc5eaf1c81a113d1bf8479317b1c31 (diff)
Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy
NAT instance. The NAT44 group of opcodes for IP_FW3 socket option is modern way to control NAT instances and this method can be used in future to switch from numeric to named NAT instances, like was done for ipfw tables. The IP_FW_NAT_DEL opcode is the last remnant of old ipfw_ctl control plane that doesn't support versioned operations. This interface will be retired soon. Reviewed by: melifaro MFC after: 10 days Sponsored by: Yandex LLC
Notes
Notes: svn path=/head/; revision=359271
Diffstat (limited to 'sbin/ipfw')
-rw-r--r--sbin/ipfw/ipfw2.c8
-rw-r--r--sbin/ipfw/ipfw2.h1
-rw-r--r--sbin/ipfw/nat.c28
3 files changed, 30 insertions, 7 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index c81822782644..3858d27710c1 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -3328,13 +3328,7 @@ ipfw_delete(char *av[])
j = strtol(sep + 1, NULL, 10);
av++;
if (co.do_nat) {
- exitval = do_cmd(IP_FW_NAT_DEL, &i, sizeof i);
- if (exitval) {
- exitval = EX_UNAVAILABLE;
- if (co.do_quiet)
- continue;
- warn("nat %u not available", i);
- }
+ exitval = ipfw_delete_nat(i);
} else if (co.do_pipe) {
exitval = ipfw_delete_pipe(co.do_pipe, i);
} else {
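Review bot: `exitval = ipfw_delete_nat(i);` replaces the status of any earlier argument rather than accumulating it; the removed `continue` shows this runs inside a loop, so a failed deletion followed by a successful one would leave `exitval` at EX_OK unless something outside the hunk preserves it. The replaced code behaved the same way and the pipe branch just below does too, but a script that trusts the exit status of a firewall control tool could then believe a NAT instance was destroyed when it was not. Keeping the first failure would avoid that: `rc = ipfw_delete_nat(i); if (rc != EX_OK) exitval = rc;`. ipfw_delete starts and ends outside this hunk, so the final use of `exitval` is not visible here.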
diff --git a/sbin/ipfw/ipfw2.h b/sbin/ipfw/ipfw2.h
index 2579dc5f51ae..4540ab16b9bf 100644
--- a/sbin/ipfw/ipfw2.h
+++ b/sbin/ipfw/ipfw2.h
@@ -387,6 +387,7 @@ extern int resvd_set_number;
/* first-level command handlers */
void ipfw_add(char *av[]);
void ipfw_show_nat(int ac, char **av);
+int ipfw_delete_nat(int i);
void ipfw_config_pipe(int ac, char **av);
void ipfw_config_nat(int ac, char **av);
void ipfw_sets_handler(char *av[]);
diff --git a/sbin/ipfw/nat.c b/sbin/ipfw/nat.c
index 51fc9da17108..f0e190266b73 100644
--- a/sbin/ipfw/nat.c
+++ b/sbin/ipfw/nat.c
@@ -939,6 +939,34 @@ ipfw_config_nat(int ac, char **av)
}
}
+static void
+nat_fill_ntlv(ipfw_obj_ntlv *ntlv, int i)
+{
+
+ ntlv->head.type = IPFW_TLV_EACTION_NAME(1); /* it doesn't matter */
+ ntlv->head.length = sizeof(ipfw_obj_ntlv);
+ ntlv->idx = 1;
+ ntlv->set = 0; /* not yet */
+ snprintf(ntlv->name, sizeof(ntlv->name), "%d", i);
+}
+
+int
+ipfw_delete_nat(int i)
+{
+ ipfw_obj_header oh;
+ int ret;
+
+ memset(&oh, 0, sizeof(oh));
+ nat_fill_ntlv(&oh.ntlv, i);
+ ret = do_set3(IP_FW_NAT44_DESTROY, &oh.opheader, sizeof(oh));
+ if (ret == -1) {
+ if (!co.do_quiet)
+ warn("nat %u not available", i);
+ return (EX_UNAVAILABLE);
+ }
+ return (EX_OK);
+}
+
struct nat_list_arg {
uint16_t cmd;
int is_all;