On Sun, Nov 06, 2022 at 10:42:49PM +1000, David Gwynne wrote:
> this is a small chunk to help sashan@ out with some of the pf ioctl work
> he is doing.
>
> he is looking at allocating config over multiple ioctls, and would like
> to be able to throw it away in situations like if the userland program
> creating the state goes away. with the current vnode and device special
> semantics, only the last close will call pfclose, which is a nice place
> to do cleanup. if a long running process has /dev/pf open, then he'll
> never be able to clean up.
>
> cloning also turns the dev_t into a nice identifier to use to
> associate these allocations with, which makes the cleanup more robust.
> using something like the pid or curproc allows for userland to confuse
> pf too easily.
>
> ok?

yes, please. OK sashan