git: ec990152c655 - stable/14 - pfctl: use libpfctl instead of DIOCGETRULES directly

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 04 Dec 2023 15:21:30 UTC
The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=ec990152c6553a658c40e78a94b0032af901397e

commit ec990152c6553a658c40e78a94b0032af901397e
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-11-24 23:43:48 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-12-04 15:20:57 +0000

    pfctl: use libpfctl instead of DIOCGETRULES directly
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit 47a0b59379c3bec547e7c829eb12de8276227dff)
---
 sbin/pfctl/pfctl_optimize.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index a377f9eb04dc..98da986b0aeb 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -878,24 +878,23 @@ block_feedback(struct pfctl *pf, struct superblock *block)
 int
 load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
 {
+	char anchor_call[MAXPATHLEN] = "";
 	struct superblock *block, *blockcur;
 	struct superblocks prof_superblocks;
 	struct pf_opt_rule *por;
 	struct pf_opt_queue queue;
-	struct pfioc_rule pr;
+	struct pfctl_rules_info rules;
 	struct pfctl_rule a, b, rule;
 	int nr, mnr;
 
 	TAILQ_INIT(&queue);
 	TAILQ_INIT(&prof_superblocks);
 
-	memset(&pr, 0, sizeof(pr));
-	pr.rule.action = PF_PASS;
-	if (ioctl(pf->dev, DIOCGETRULES, &pr)) {
+	if (pfctl_get_rules_info(pf->dev, &rules, PF_PASS, "")) {
 		warn("DIOCGETRULES");
 		return (1);
 	}
-	mnr = pr.nr;
+	mnr = rules.nr;
 
 	DEBUG("Loading %d active rules for a feedback profile", mnr);
 	for (nr = 0; nr < mnr; ++nr) {
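Review bot: The new `anchor_call[MAXPATHLEN]` buffer is handed to `pfctl_get_rule()` in the next hunk with no length argument, so its size is an implicit contract with libpfctl that nothing here states. A comment on the declaration would keep it from being shrunk later, for example `/* written by pfctl_get_rule(), which takes no length argument; do not shrink below MAXPATHLEN */`. Separately, `warn("DIOCGETRULES")` now labels a failure of `pfctl_get_rules_info()`, and the errno text it prints is only meaningful if that call leaves errno set, which this page does not show; `warn("pfctl_get_rules_info")` would at least name the call that failed. load_feedback_profile continues past the end of this hunk.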
@@ -904,15 +903,14 @@ load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
 			warn("calloc");
 			return (1);
 		}
-		pr.nr = nr;
 
-		if (pfctl_get_rule(pf->dev, nr, pr.ticket, "", PF_PASS,
-		    &rule, pr.anchor_call)) {
+		if (pfctl_get_rule(pf->dev, nr, rules.ticket, "", PF_PASS,
+		    &rule, anchor_call)) {
 			warn("DIOCGETRULENV");
 			return (1);
 		}
 		memcpy(&por->por_rule, &rule, sizeof(por->por_rule));
-		rs = pf_find_or_create_ruleset(pr.anchor_call);
+		rs = pf_find_or_create_ruleset(anchor_call);
 		por->por_rule.anchor = rs->anchor;
 		if (TAILQ_EMPTY(&por->por_rule.rpool.list))
 			memset(&por->por_rule.rpool, 0,
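Review bot: `rs` is dereferenced in `por->por_rule.anchor = rs->anchor;` straight after `pf_find_or_create_ruleset(anchor_call)` with no NULL check, and the argument is now a local buffer filled from rule data returned by `pfctl_get_rule()`. If that lookup can fail (the name suggests it allocates when the ruleset is missing, so it presumably can), pfctl would crash instead of reporting the error. A guard before the assignment, such as `if (rs == NULL) { warnx("pf_find_or_create_ruleset"); return (1); }`, matches the error style of the surrounding returns. The early `return (1)` paths in this loop also appear to leave `por` and any already-queued entries allocated, though the allocation itself is outside the hunk. The function body starts and ends outside this hunk.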