pf: Allow states to by killed per 'gateway'

This allows us to kill states created from a rule with route-to/reply-to
set.  This is particularly useful in multi-wan setups, where one of the
WAN links goes down.

Submitted by:	Steven Brown
Obtained from:	https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30058

(cherry picked from commit abbcba9cf5b1c26e837f00e0fbc205652cb05e51)

2 files changed, 2 insertions, 0 deletions

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 9f504237b4ee..f50afa7c78ef 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -642,6 +642,7 @@ _pfctl_clear_states(int dev, const struct pfctl_kill *kill,
 	nvlist_add_number(nvl, "proto", kill->proto);
 	pfctl_nv_add_rule_addr(nvl, "src", &kill->src);
 	pfctl_nv_add_rule_addr(nvl, "dst", &kill->dst);
+	pfctl_nv_add_rule_addr(nvl, "rt_addr", &kill->rt_addr);
 	nvlist_add_string(nvl, "ifname", kill->ifname);
 	nvlist_add_string(nvl, "label", kill->label);
 
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index aa7f0ffd8fad..5c8b2108d937 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -191,6 +191,7 @@ struct pfctl_kill {
 	int			proto;
 	struct pf_rule_addr	src;
 	struct pf_rule_addr	dst;
+	struct pf_rule_addr	rt_addr;
 	char			ifname[IFNAMSIZ];
 	char			label[PF_RULE_LABEL_SIZE];
 };