make /dev/pf a clonable device.

this provides a 1:1 relationship of pfopen() calls to pfclose()
calls. in turn, this makes it a lot easier to track stuff allocated
by a process and then clean it up if that process goes away
unexpectedly. the unique dev_t provided by the cloning machinery
gives us a good identifier to track this state with too.

discussed with h2k22
ok sashan@
deraadt@ agrees this is a good time to put this in

1 files changed, 6 insertions, 4 deletions

diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index b540afc6fe2..ef4f18e730d 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_ioctl.c,v 1.385 2022/08/06 15:57:58 bluhm Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.386 2022/11/06 13:03:52 dlg Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -54,6 +54,7 @@
 #include <sys/proc.h>
 #include <sys/rwlock.h>
 #include <sys/syslog.h>
+#include <sys/specdev.h>
 #include <uvm/uvm_extern.h>
 
 #include <crypto/md5.h>
@@ -265,16 +266,17 @@ pfattach(int num)
 int
 pfopen(dev_t dev, int flags, int fmt, struct proc *p)
 {
-	if (minor(dev) >= 1)
+	int unit = minor(dev);
+
+	if (unit & ((1 << CLONE_SHIFT) - 1))
 		return (ENXIO);
+
 	return (0);
 }
 
 int
 pfclose(dev_t dev, int flags, int fmt, struct proc *p)
 {
-	if (minor(dev) >= 1)
-		return (ENXIO);
 	return (0);
 }