Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pfvar.h | 7 | ||||
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 24 |
2 files changed, 31 insertions, 0 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index ae88be9..7146722 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -491,6 +491,7 @@ struct pf_rule {
 union pf_rule_ptr skip[PF_SKIP_COUNT];
 #define PF_RULE_LABEL_SIZE 64
 char label[PF_RULE_LABEL_SIZE];
+ char schedule[PF_RULE_LABEL_SIZE];
 char ifname[IFNAMSIZ];
 char qname[PF_QNAME_SIZE];
 char pqname[PF_QNAME_SIZE];
@@ -1288,6 +1289,11 @@ struct pfioc_state_kill {
 u_int psk_killed;
 };
+struct pfioc_schedule_kill {
+ int numberkilled;
+ char schedule[PF_RULE_LABEL_SIZE];
+};
+
 struct pfioc_states {
 int ps_len;
 union {
@@ -1472,6 +1478,7 @@ struct pf_ifspeed {
 u_int32_t baudrate;
 };
 #define DIOCGIFSPEED _IOWR('D', 92, struct pf_ifspeed)
+#define DIOCKILLSCHEDULE _IOWR('D', 96, struct pfioc_schedule_kill)
 #ifdef _KERNEL
 LIST_HEAD(pf_src_node_list, pf_src_node);
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index c98846a..bbf5217 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1711,6 +1711,30 @@ relock_DIOCKILLSTATES:
 break;
 }
+ case DIOCKILLSCHEDULE: {
+ struct pf_state *state;
+ struct pfioc_schedule_kill *psk = (struct pfioc_schedule_kill *)addr;
+ int killed = 0;
+ u_int i;
+
+ for (i = 0; i <= pf_hashmask; i++) {
+ struct pf_idhash *ih = &V_pf_idhash[i];
+
+relock_DIOCKILLSCHEDULE:
+ PF_HASHROW_LOCK(ih);
+ LIST_FOREACH(state, &ih->states, entry) {
+ if (!strcmp(psk->schedule, state->rule.ptr->schedule)) {
+ pf_unlink_state(state, PF_ENTER_LOCKED);
+ killed++;
+ goto relock_DIOCKILLSCHEDULE;
+ }
+ }
+ PF_HASHROW_UNLOCK(ih);
+ }
+ psk->numberkilled = killed;
+ break;
+ }
+
 case DIOCADDSTATE: {
 struct pfioc_state *ps = (struct pfioc_state *)addr;
 struct pfsync_state *sp = &ps->state; |
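Review bot: The new `schedule` member in the first sys/net/pfvar.h hunk is inserted between `label` and `ifname`, which shifts the offset of every later member of `struct pf_rule`. If this structure is exchanged with userland through the rule ioctls, as its placement in the same header as the `pfioc_*` definitions suggests, a consumer built against the old header will misread rules, so kernel and userland have to be rebuilt together. The member also carries no comment; something like `/* schedule name for this rule; must be NUL-terminated, matched by DIOCKILLSCHEDULE */` would record the contract the new ioctl depends on. The struct begins and ends outside the hunk.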
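Review bot: The `strcmp(psk->schedule, state->rule.ptr->schedule)` in the DIOCKILLSCHEDULE case of sys/netpfil/pf/pf_ioctl.c compares a buffer that comes straight from the caller, and nothing in the hunk guarantees it is NUL-terminated, so a full 64-byte name without a terminator can let the compare read past the end of the ioctl argument. Terminating it before the loop, `psk->schedule[sizeof(psk->schedule) - 1] = '\0';`, or comparing with `strncmp` bounded by `PF_RULE_LABEL_SIZE`, closes that. An empty name is also accepted and matches every state whose rule has an empty `schedule`, which is presumably most of the state table; rejecting `psk->schedule[0] == '\0'` with EINVAL, in whatever form the surrounding cases return errors, avoids an accidental flush. The enclosing switch and function lie outside the hunk.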