I'd add whu@ on these reviews as well, for hvsock in particular

Oh, return () style differs here

In D44200#1010523, @glebius wrote:

So, with D44307 in, you can add this:

static struct if_clone *
tuntap_cloner_from_flags(int tun_flags)
{
 
        for (u_int i = 0; i < NDRV; i++)
                if ((tun_flags & TUN_DRIVER_IDENT_MASK) ==
                    tuntap_drivers[i].ident_flags)
                        return (V_tuntap_driver_cloners[i]);
 
        return (NULL);
}

And then call

if_clone_destroyif(tuntap_cloner_from_flags(flags), ifp);

This of course won't cover the problematic traveling case. To cover that, you'd need to:

CURVNET_SET_QUIET(ifp->if_home_vnet);
cloner = tuntap_cloner_from_flags(flags)
CURVNET_RESTORE();
if_clone_destroyif(cloner, ifp);

Nice, thanks. I think at one point I thought I might have something else worth adding to struct tuntap_driver_cloner, but if it hasn't happened in the intervening 5 years then I think it's safe to say that it's not going to happen.

In D44200#1010509, @glebius wrote:

Damn, this again comes to the stupid idea of interfaces traveling between vnets. Grrrr. Still, I believe it should be done in the tuntap, not in if_clone.c. The existing SLIST of cloners can be simplified a lot, let me try.

ah, I see; some of these were inlined in a header, some of them left un-exported in the first place... someone seemingly applied a relatively large hammer.

Revert back to the size check, assert that we do or do not have a resource
after as appropriate.

Oh, that probably won't work... we probably printed the entire left-hand side before the return, so it'd need to be on a separate line or something

In D44160#1008533, @jhb wrote:

Next you might consider adding this to truss as well. :)

Use a loop, set error before (it'll either get clobbered or remain untouched),
and just consistently keep it locked leaving the loop.

(Sorry, I just realized I forgot about this review entirely)

Second, the setting is inherited by children of the spawn process. Is it fine? For me yes.