From 24fc79b0a4a82c4090cfb59ca9798079072445f7 Mon Sep 17 00:00:00 2001 From: Andre Oppermann Date: Fri, 22 Oct 2004 19:12:01 +0000 Subject: [PATCH] Refuse to unload the ipdivert module unless the 'force' flag is given to kldunload. Reflect the fact that IPDIVERT is a loadable module in the divert(4) and ipfw(8) man pages. --- sbin/ipfw/ipfw.8 | 8 ++++---- share/man/man4/divert.4 | 16 +++++++++++++--- sys/netinet/ip_divert.c | 12 +++++++++++- 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index e37b89086a3f..96944e1d6355 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 19, 2004 +.Dd October 22, 2004 .Dt IPFW 8 .Os .Sh NAME @@ -1812,9 +1812,9 @@ A .Xr divert 4 socket bound to the specified port will receive all packets diverted to that port. -If no socket is bound to the destination port, or if the kernel -wasn't compiled with divert socket support, the packets are -dropped. +If no socket is bound to the destination port, or if the divert module is +not loaded, or if the kernel wasn't compiled with divert socket support, +the packets are dropped. .Sh SYSCTL VARIABLES A set of .Xr sysctl 8 diff --git a/share/man/man4/divert.4 b/share/man/man4/divert.4 index d4b39abfe0ab..420bcc57c6e7 100644 --- a/share/man/man4/divert.4 +++ b/share/man/man4/divert.4 @@ -1,6 +1,6 @@ .\" $FreeBSD$ .\" -.Dd September 14, 2004 +.Dd October 22, 2004 .Dt DIVERT 4 .Os .Sh NAME @@ -115,12 +115,22 @@ to avoid loops, where the same packet is diverted more than once at the same rule. .Sh DETAILS To enable divert sockets, your kernel must be compiled with the option -.Dv IPDIVERT . +.Dv IPDIVERT +or you have to load the +.Dv IPDIVERT +module. +.Pp +You can load the +.Dv IPDIVERT +module at runtime by issuing the following command: +.Bd -literal -offset indent +kldload ipdivert +.Ed .Pp If a packet is diverted but no socket is bound to the port, or if .Dv IPDIVERT -is not enabled in the kernel, the packet is dropped. +is not enabled or loaded in the kernel, the packet is dropped. .Pp Incoming packet fragments which get diverted are fully reassembled before delivery; the diversion of any one fragment causes the entire diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index d3efde019432..7be0e35668d1 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -688,8 +688,18 @@ div_modevent(module_t mod, int type, void *unused) err = pf_proto_register(PF_INET, &div_protosw); ip_divert_ptr = divert_packet; break; + case MOD_QUIESCE: + /* + * IPDIVERT may normally not be unloaded because of the + * potential race conditions. Tell kldunload we can't be + * unloaded unless the unload is forced. + */ + err = EPERM; + break; case MOD_UNLOAD: /* + * Forced unload. + * * Module ipdivert can only be unloaded if no sockets are * connected. Maybe this can be changed later to forcefully * disconnect any open sockets. @@ -712,7 +722,7 @@ div_modevent(module_t mod, int type, void *unused) uma_zdestroy(divcbinfo.ipi_zone); break; default: - return EINVAL; + err = EOPNOTSUPP; break; } return err;