Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy

NAT instance.

The NAT44 group of opcodes for IP_FW3 socket option is modern way
to control NAT instances and this method can be used in future to
switch from numeric to named NAT instances, like was done for ipfw
tables.
The IP_FW_NAT_DEL opcode is the last remnant of old ipfw_ctl control
plane that doesn't support versioned operations. This interface will
be retired soon.

Reviewed by:	melifaro
MFC after:	10 days
Sponsored by:	Yandex LLC

sbin/ipfw/ipfw2.c

@@ -3328,13 +3328,7 @@ ipfw_delete(char *av[])
 			j = strtol(sep + 1, NULL, 10);
 		av++;
 		if (co.do_nat) {
-			exitval = do_cmd(IP_FW_NAT_DEL, &i, sizeof i);
-			if (exitval) {
-				exitval = EX_UNAVAILABLE;
-				if (co.do_quiet)
-					continue;
-				warn("nat %u not available", i);
-			}
+			exitval = ipfw_delete_nat(i);
 		} else if (co.do_pipe) {
 			exitval = ipfw_delete_pipe(co.do_pipe, i);
 		} else {

sbin/ipfw/ipfw2.h

@@ -387,6 +387,7 @@ extern int resvd_set_number;
 /* first-level command handlers */
 void ipfw_add(char *av[]);
 void ipfw_show_nat(int ac, char **av);
+int ipfw_delete_nat(int i);
 void ipfw_config_pipe(int ac, char **av);
 void ipfw_config_nat(int ac, char **av);
 void ipfw_sets_handler(char *av[]);

sbin/ipfw/nat.c

@@ -939,6 +939,34 @@ ipfw_config_nat(int ac, char **av)
 	}
 }
 
+static void
+nat_fill_ntlv(ipfw_obj_ntlv *ntlv, int i)
+{
+
+	ntlv->head.type = IPFW_TLV_EACTION_NAME(1); /* it doesn't matter */
+	ntlv->head.length = sizeof(ipfw_obj_ntlv);
+	ntlv->idx = 1;
+	ntlv->set = 0; /* not yet */
+	snprintf(ntlv->name, sizeof(ntlv->name), "%d", i);
+}
+
+int
+ipfw_delete_nat(int i)
+{
+	ipfw_obj_header oh;
+	int ret;
+
+	memset(&oh, 0, sizeof(oh));
+	nat_fill_ntlv(&oh.ntlv, i);
+	ret = do_set3(IP_FW_NAT44_DESTROY, &oh.opheader, sizeof(oh));
+	if (ret == -1) {
+		if (!co.do_quiet)
+			warn("nat %u not available", i);
+		return (EX_UNAVAILABLE);
+	}
+	return (EX_OK);
+}
+
 struct nat_list_arg {
 	uint16_t	cmd;
 	int		is_all;