On Sun, Nov 06, 2022 at 10:42:49PM +1000, David Gwynne wrote:
> this is a small chunk to help sashan@ out with some of the pf ioctl work
> he is doing.
>
> he is looking at allocating config over multiple ioctls, and would like
> to be able to throw it away in situations like if the userland program
> creating the state goes away. with the current vnode and device special
> semantics, only the last close will call pfclose, which is a nice place
> to do cleanup. if a long running process has /dev/pf open, then he'll
> never be able to clean up.
>
> cloning also turns the dev_t into a nice identifier to use to
> associate these allocations with, which makes the cleanup more robust.
> using something like the pid or curproc allows for userland to confuse
> pf too easily.
>
> ok?
yes, please.
OK sashan
