From 47a0b59379c3bec547e7c829eb12de8276227dff Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Sat, 25 Nov 2023 00:43:48 +0100
Subject: [PATCH] pfctl: use libpfctl instead of DIOCGETRULES directly
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl_optimize.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index aefd7b6471e5..95292999c50a 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -877,24 +877,23 @@ block_feedback(struct pfctl *pf, struct superblock *block)
 int
 load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
 {
+ char anchor_call[MAXPATHLEN] = "";
 struct superblock *block, *blockcur;
 struct superblocks prof_superblocks;
 struct pf_opt_rule *por;
 struct pf_opt_queue queue;
- struct pfioc_rule pr;
+ struct pfctl_rules_info rules;
 struct pfctl_rule a, b, rule;
 int nr, mnr;
 TAILQ_INIT(&queue);
 TAILQ_INIT(&prof_superblocks);
- memset(&pr, 0, sizeof(pr));
- pr.rule.action = PF_PASS;
- if (ioctl(pf->dev, DIOCGETRULES, &pr)) {
+ if (pfctl_get_rules_info(pf->dev, &rules, PF_PASS, "")) {
 warn("DIOCGETRULES");
 return (1);
 }
- mnr = pr.nr;
+ mnr = rules.nr;
 DEBUG("Loading %d active rules for a feedback profile", mnr);
 for (nr = 0; nr < mnr; ++nr) {
@@ -903,15 +902,14 @@ load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
 warn("calloc");
 return (1);
 }
- pr.nr = nr;
- if (pfctl_get_rule(pf->dev, nr, pr.ticket, "", PF_PASS,
- &rule, pr.anchor_call)) {
+ if (pfctl_get_rule(pf->dev, nr, rules.ticket, "", PF_PASS,
+ &rule, anchor_call)) {
 warn("DIOCGETRULENV");
 return (1);
 }
 memcpy(&por->por_rule, &rule, sizeof(por->por_rule));
- rs = pf_find_or_create_ruleset(pr.anchor_call);
+ rs = pf_find_or_create_ruleset(anchor_call);
 por->por_rule.anchor = rs->anchor;
 if (TAILQ_EMPTY(&por->por_rule.rpool.list))
 memset(&por->por_rule.rpool, 0,
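Review bot: The new local `char anchor_call[MAXPATHLEN]` declared at the top of load_feedback_profile is later passed to `pfctl_get_rule()` without any length argument (second hunk), so the buffer size is now an implicit contract with libpfctl rather than something fixed by the `pr.anchor_call` field's type. A comment on the declaration would keep a later resize from silently becoming an out-of-bounds stack write, for example `/* filled by pfctl_get_rule(), which takes no length; must stay MAXPATHLEN bytes (confirm against libpfctl) */`. Separately, the failure path of `pfctl_get_rules_info()` still reports `warn("DIOCGETRULES")`; whether the helper sets errno or returns an error code is not visible here, and in the latter case warn() would append an unrelated strerror, so the label and the reporting call should be checked against the helper's contract. The function body continues outside this hunk.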