git: ec990152c655 - stable/14 - pfctl: use libpfctl instead of DIOCGETRULES directly

Mon, 04 Dec 2023 07:21:34 -0800 

The branch stable/14 has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=ec990152c6553a658c40e78a94b0032af901397e

commit ec990152c6553a658c40e78a94b0032af901397e
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2023-11-24 23:43:48 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2023-12-04 15:20:57 +0000

    pfctl: use libpfctl instead of DIOCGETRULES directly
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit 47a0b59379c3bec547e7c829eb12de8276227dff)
---
 sbin/pfctl/pfctl_optimize.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index a377f9eb04dc..98da986b0aeb 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -878,24 +878,23 @@ block_feedback(struct pfctl *pf, struct superblock *block)
 int
 load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
 {
+       char anchor_call[MAXPATHLEN] = "";
        struct superblock *block, *blockcur;
        struct superblocks prof_superblocks;
        struct pf_opt_rule *por;
        struct pf_opt_queue queue;
-       struct pfioc_rule pr;
+       struct pfctl_rules_info rules;
        struct pfctl_rule a, b, rule;
        int nr, mnr;
 
        TAILQ_INIT(&queue);
        TAILQ_INIT(&prof_superblocks);
 
-       memset(&pr, 0, sizeof(pr));
-       pr.rule.action = PF_PASS;
-       if (ioctl(pf->dev, DIOCGETRULES, &pr)) {
+       if (pfctl_get_rules_info(pf->dev, &rules, PF_PASS, "")) {
                warn("DIOCGETRULES");
                return (1);
        }
-       mnr = pr.nr;
+       mnr = rules.nr;
 
        DEBUG("Loading %d active rules for a feedback profile", mnr);
        for (nr = 0; nr < mnr; ++nr) {
@@ -904,15 +903,14 @@ load_feedback_profile(struct pfctl *pf, struct 
superblocks *superblocks)
                        warn("calloc");
                        return (1);
                }
-               pr.nr = nr;
 
-               if (pfctl_get_rule(pf->dev, nr, pr.ticket, "", PF_PASS,
-                   &rule, pr.anchor_call)) {
+               if (pfctl_get_rule(pf->dev, nr, rules.ticket, "", PF_PASS,
+                   &rule, anchor_call)) {
                        warn("DIOCGETRULENV");
                        return (1);
                }
                memcpy(&por->por_rule, &rule, sizeof(por->por_rule));
-               rs = pf_find_or_create_ruleset(pr.anchor_call);
+               rs = pf_find_or_create_ruleset(anchor_call);
                por->por_rule.anchor = rs->anchor;
                if (TAILQ_EMPTY(&por->por_rule.rpool.list))
                        memset(&por->por_rule.rpool, 0,

Reply via email to