From 2905d10b392766faf0e0ce8070864132d8ab66c3 Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Mon, 27 Nov 2023 17:48:33 +0100
Subject: [PATCH] snmp_pf: use libpfctl's pfctl_get_rules_info() rather than DIOCGETRULES
Prefer libpfctl functions over direct access to the ioctl whenever possible.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c b/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
index a5786007d3f..bb064dd549d 100644
--- a/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
+++ b/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
@@ -1513,24 +1513,21 @@ err2:
 static int pfl_scan_ruleset(const char *path) {
- struct pfioc_rule pr;
+ struct pfctl_rules_info rules;
 struct pfctl_rule rule;
+ char anchor_call[MAXPATHLEN] = "";
 struct pfl_entry *e;
 u_int32_t nr, i;
- bzero(&pr, sizeof(pr));
- strlcpy(pr.anchor, path, sizeof(pr.anchor));
- pr.rule.action = PF_PASS;
- if (ioctl(dev, DIOCGETRULES, &pr)) {
+ if (pfctl_get_rules_info(dev, &rules, PF_PASS, path)) {
 syslog(LOG_ERR, "pfl_scan_ruleset: ioctl(DIOCGETRULES): %s", strerror(errno));
 goto err;
 }
- for (nr = pr.nr, i = 0; i < nr; i++) {
- pr.nr = i;
- if (pfctl_get_rule(dev, pr.nr, pr.ticket, pr.anchor,
- PF_PASS, &rule, pr.anchor_call)) {
+ for (nr = rules.nr, i = 0; i < nr; i++) {
+ if (pfctl_get_rule(dev, i, rules.ticket, path,
+ PF_PASS, &rule, anchor_call)) {
 syslog(LOG_ERR, "pfl_scan_ruleset: ioctl(DIOCGETRULE):" " %s", strerror(errno));
 goto err;
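Review bot: The failure branch after the new `pfctl_get_rules_info()` call still logs `ioctl(DIOCGETRULES)` and formats `strerror(errno)`, so the message names a call this function no longer makes. The reported reason is also only right if the library leaves errno set on every failure path, which cannot be confirmed from this hunk. Naming the helper keeps the firewall-monitoring log accurate when a ruleset scan fails, for example `syslog(LOG_ERR, "pfl_scan_ruleset: pfctl_get_rules_info(): %s", strerror(errno));`, and the returned code should be logged instead of errno if that is how libpfctl reports errors. The same applies to the `ioctl(DIOCGETRULE)` message under `pfctl_get_rule()`, which is unchanged context here. The body of pfl_scan_ruleset continues past the end of the hunk.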