Refuse to unload the ipdivert module unless the 'force' flag is given to kldunload.

Reflect the fact that IPDIVERT is a loadable module in the divert(4) and ipfw(8) man pages.
2004-10-22 19:12:01 +00:00 · 2004-10-22 19:12:01 +00:00 · 24fc79b0a4
commit 24fc79b0a4
parent 1ef0fd8224
3 changed files with 28 additions and 8 deletions
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@ -1,7 +1,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd September 19, 2004
+.Dd October 22, 2004
 .Dt IPFW 8
 .Os
 .Sh NAME
@ -1812,9 +1812,9 @@ A
 .Xr divert 4
 socket bound to the specified port will receive all packets
 diverted to that port.
-If no socket is bound to the destination port, or if the kernel
-wasn't compiled with divert socket support, the packets are
-dropped.
+If no socket is bound to the destination port, or if the divert module is
+not loaded, or if the kernel wasn't compiled with divert socket support,
+the packets are dropped.
 .Sh SYSCTL VARIABLES
 A set of
 .Xr sysctl 8
--- a/share/man/man4/divert.4
+++ b/share/man/man4/divert.4
@ -1,6 +1,6 @@
 .\" $FreeBSD$
 .\"
-.Dd September 14, 2004
+.Dd October 22, 2004
 .Dt DIVERT 4
 .Os
 .Sh NAME
@ -115,12 +115,22 @@ to avoid loops, where the same packet is diverted more than once at the
 same rule.
 .Sh DETAILS
 To enable divert sockets, your kernel must be compiled with the option
-.Dv IPDIVERT .
+.Dv IPDIVERT
+or you have to load the
+.Dv IPDIVERT
+module.
+.Pp
+You can load the
+.Dv IPDIVERT
+module at runtime by issuing the following command:
+.Bd -literal -offset indent
+kldload ipdivert
+.Ed
 .Pp
 If a packet is diverted but no socket is bound to the
 port, or if
 .Dv IPDIVERT
-is not enabled in the kernel, the packet is dropped.
+is not enabled or loaded in the kernel, the packet is dropped.
 .Pp
 Incoming packet fragments which get diverted are fully reassembled
 before delivery; the diversion of any one fragment causes the entire
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@ -688,8 +688,18 @@ div_modevent(module_t mod, int type, void *unused)
 		err = pf_proto_register(PF_INET, &div_protosw);
 		ip_divert_ptr = divert_packet;
 		break;
+	case MOD_QUIESCE:
+		/*
+		 * IPDIVERT may normally not be unloaded because of the
+		 * potential race conditions.  Tell kldunload we can't be
+		 * unloaded unless the unload is forced.
+		 */
+		err = EPERM;
+		break;
 	case MOD_UNLOAD:
 		/*
+		 * Forced unload.
+		 *
 		 * Module ipdivert can only be unloaded if no sockets are
 		 * connected.  Maybe this can be changed later to forcefully
 		 * disconnect any open sockets.
@ -712,7 +722,7 @@ div_modevent(module_t mod, int type, void *unused)
 		uma_zdestroy(divcbinfo.ipi_zone);
 		break;
 	default:
-		return EINVAL;
+		err = EOPNOTSUPP;
 		break;
 	}
 	return err;