pfctl: use libpfctl instead of DIOCGETRULES directly

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 47a0b59379c3bec547e7c829eb12de8276227dff)

1 files changed, 7 insertions, 9 deletions

diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index a377f9eb04dc..98da986b0aeb 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -878,24 +878,23 @@ block_feedback(struct pfctl *pf, struct superblock *block)
 int
 load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
 {
+	char anchor_call[MAXPATHLEN] = "";
 	struct superblock *block, *blockcur;
 	struct superblocks prof_superblocks;
 	struct pf_opt_rule *por;
 	struct pf_opt_queue queue;
-	struct pfioc_rule pr;
+	struct pfctl_rules_info rules;
 	struct pfctl_rule a, b, rule;
 	int nr, mnr;
 
 	TAILQ_INIT(&queue);
 	TAILQ_INIT(&prof_superblocks);
 
-	memset(&pr, 0, sizeof(pr));
-	pr.rule.action = PF_PASS;
-	if (ioctl(pf->dev, DIOCGETRULES, &pr)) {
+	if (pfctl_get_rules_info(pf->dev, &rules, PF_PASS, "")) {
 		warn("DIOCGETRULES");
 		return (1);
 	}
-	mnr = pr.nr;
+	mnr = rules.nr;
 
 	DEBUG("Loading %d active rules for a feedback profile", mnr);
 	for (nr = 0; nr < mnr; ++nr) {
@@ -904,15 +903,14 @@ load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
 			warn("calloc");
 			return (1);
 		}
-		pr.nr = nr;
 
-		if (pfctl_get_rule(pf->dev, nr, pr.ticket, "", PF_PASS,
-		    &rule, pr.anchor_call)) {
+		if (pfctl_get_rule(pf->dev, nr, rules.ticket, "", PF_PASS,
+		    &rule, anchor_call)) {
 			warn("DIOCGETRULENV");
 			return (1);
 		}
 		memcpy(&por->por_rule, &rule, sizeof(por->por_rule));
-		rs = pf_find_or_create_ruleset(pr.anchor_call);
+		rs = pf_find_or_create_ruleset(anchor_call);
 		por->por_rule.anchor = rs->anchor;
 		if (TAILQ_EMPTY(&por->por_rule.rpool.list))
 			memset(&por->por_rule.rpool, 0,