pf kernel module(s)

Yar Tikhiy yar at comp.chem.msu.su
Sun Oct 2 08:16:46 PDT 2005


All,

While making an rc.d script for pfsync as I had promised here, I
noticed that pf.ko didn't include support for pfsync.  Closer study
revealed that it would be better to split pf.ko into separate modules
for pf itself, pflog, and pfsync.  The reason is as follows.

As MODULES_WITH_WORLD are about to depart for /dev/null soon, modules
should not rely on the opt_*.h files they create with their Makefiles
now: The configuration is to be obtained from the opt_*.h files in
the kernel build directory.  Therefore it will not be possible to
include pflog or pfsync functionality in pf.ko unless it is in the
main kernel file, too, which is ridiculous.  OTOH, having separate
pflog.ko and pfsync.ko would allow for the modules to be built
irrespective of the current kernel configuration.

If the separation is not possible now, the pf.ko module should
include all the functionality irrespective of the DEV_PF, DEV_PFLOG,
or DEV_PFSYNC values found in opt_pf.h.  As a matter of fact, a
modern FreeBSD device driver should rarely use DEV_FOO values in
its code because the inclusion of the driver source files in the
build process is the major sign of the driver being enabled, and
device instances should be created dynamically.  Alas, OpenBSD
code doesn't seem to follow this trend, so I'd consider setting
NPFLOG and NPFSYNC to 1 statically if possible.

-- 
Yar

