From: "Andrey V. Elsukov"
Date: Mon, 6 Apr 2020 06:38:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r359649 - stable/11/sbin/ipfw

Author: ae
Date: Mon Apr 6 06:38:54 2020
New Revision: 359649
URL: https://svnweb.freebsd.org/changeset/base/359649

Log:
  MFC r359271:
    Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy
    NAT instance.

    The NAT44 group of opcodes for IP_FW3 socket option is modern way
    to control NAT instances and this method can be used in future to
    switch from numeric to named NAT instances, like was done for ipfw
    tables.
    The IP_FW_NAT_DEL opcode is the last remnant of old ipfw_ctl control
    plane that doesn't support versioned operations. This interface will
    be retired soon.

Modified:
  stable/11/sbin/ipfw/ipfw2.c
  stable/11/sbin/ipfw/ipfw2.h
  stable/11/sbin/ipfw/nat.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sbin/ipfw/ipfw2.c ============================================================================== --- stable/11/sbin/ipfw/ipfw2.c Mon Apr 6 06:34:45 2020 (r359648) +++ stable/11/sbin/ipfw/ipfw2.c Mon Apr 6 06:38:54 2020 (r359649)
@@ -3328,13 +3328,7 @@ ipfw_delete(char *av[]) j = strtol(sep + 1, NULL, 10); av++; if (co.do_nat) { - exitval = do_cmd(IP_FW_NAT_DEL, &i, sizeof i); - if (exitval) { - exitval = EX_UNAVAILABLE; - if (co.do_quiet) - continue; - warn("nat %u not available", i); - } + exitval = ipfw_delete_nat(i); } else if (co.do_pipe) { exitval = ipfw_delete_pipe(co.do_pipe, i); } else { Modified: stable/11/sbin/ipfw/ipfw2.h ============================================================================== --- stable/11/sbin/ipfw/ipfw2.h Mon Apr 6 06:34:45 2020 (r359648) +++ stable/11/sbin/ipfw/ipfw2.h Mon Apr 6 06:38:54 2020 (r359649) @@ -384,6 +384,7 @@ extern int resvd_set_number; /* first-level command handlers */ void ipfw_add(char *av[]); void ipfw_show_nat(int ac, char **av); +int ipfw_delete_nat(int i); void ipfw_config_pipe(int ac, char **av); void ipfw_config_nat(int ac, char **av); void ipfw_sets_handler(char *av[]); Modified: stable/11/sbin/ipfw/nat.c ============================================================================== --- stable/11/sbin/ipfw/nat.c Mon Apr 6 06:34:45 2020 (r359648) +++ stable/11/sbin/ipfw/nat.c Mon Apr 6 06:38:54 2020 (r359649) @@ -931,6 +931,34 @@ ipfw_config_nat(int ac, char **av) } } +static void +nat_fill_ntlv(ipfw_obj_ntlv *ntlv, int i) +{ + + ntlv->head.type = IPFW_TLV_EACTION_NAME(1); /* it doesn't matter */ + ntlv->head.length = sizeof(ipfw_obj_ntlv); + ntlv->idx = 1; + ntlv->set = 0; /* not yet */ + snprintf(ntlv->name, sizeof(ntlv->name), "%d", i); +} + +int +ipfw_delete_nat(int i) +{ + ipfw_obj_header oh; + int ret; + + memset(&oh, 0, sizeof(oh)); + nat_fill_ntlv(&oh.ntlv, i); + ret = do_set3(IP_FW_NAT44_DESTROY, &oh.opheader, sizeof(oh)); + if (ret == -1) { + if (!co.do_quiet) + warn("nat %u not available", i); + return (EX_UNAVAILABLE); + } + return (EX_OK); +} + struct nat_list_arg { uint16_t cmd; int is_all;
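
Review bot: In the ipfw2.c hunk, `exitval = ipfw_delete_nat(i);` overwrites exitval on every pass (the removed `continue` shows this runs inside a loop), so a failed delete of one NAT instance is reported as success if a later one in the same command succeeds. Consider assigning only on failure, for example keeping the previous value unless the call returns non-zero, so that scripts checking the exit status see that at least one instance was not removed. The removed block also did `continue` when co.do_quiet was set; the new call falls through instead, so it is worth confirming nothing after the if/else chain relied on that skip.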
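
Review bot: In the ipfw2.h hunk, `int ipfw_delete_nat(int i);` is added under the "first-level command handlers" comment, but unlike its neighbours it takes a bare number rather than av and returns a status instead of void. A more descriptive parameter name than `i` and a one-line comment stating that it returns EX_OK or EX_UNAVAILABLE would make the contract clear to callers without reading nat.c.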
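
Review bot: In the nat.c hunk, ipfw_delete_nat() declares `int i` but prints it with `warn("nat %u not available", i);`, while nat_fill_ntlv() formats the same value with "%d" into ntlv->name. A negative argument would therefore appear as a large unsigned number in the warning and as "-N" in the name sent to the kernel. Either make the parameter unsigned or use %d in the warning so both agree, and consider rejecting out-of-range instance numbers before calling do_set3(). The `/* it doesn't matter */` comment on head.type would also be more useful if it said why the type is ignored for IP_FW_NAT44_DESTROY.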