10 files changed, 283 insertions, 323 deletions

diff --git a/sys/contrib/pf/net/if_pflog.c b/sys/contrib/pf/net/if_pflog.c
index d57f519ceacf..ca7b401e6f77 100644
--- a/sys/contrib/pf/net/if_pflog.c
+++ b/sys/contrib/pf/net/if_pflog.c
@@ -34,26 +34,26 @@
  * PURPOSE.
  */
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #endif
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 #include "bpfilter.h"
 #include "pflog.h"
 #elif __FreeBSD__ >= 5
 #include "opt_bpf.h"
-#define NBPFILTER DEV_BPF
 #include "opt_pf.h"
-#define NPFLOG DEV_PFLOG
+#define	NBPFILTER	DEV_BPF
+#define	NPFLOG		DEV_PFLOG
 #endif
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <sys/kernel.h>
 #include <sys/malloc.h>
 #include <sys/sockio.h>
@@ -73,7 +73,7 @@
 #include <netinet/ip.h>
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <machine/in_cksum.h>
 #endif
 
@@ -87,8 +87,8 @@
 #include <net/pfvar.h>
 #include <net/if_pflog.h>
 
-#if defined(__FreeBSD__)
-#define PFLOGNAME	"pflog"
+#ifdef __FreeBSD__
+#define	PFLOGNAME	"pflog"
 #endif
 
 #define PFLOGMTU	(32768 + MHLEN + MLEN)
@@ -99,11 +99,11 @@
 #define DPRINTF(x)
 #endif
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 struct pflog_softc pflogif[NPFLOG];
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 void	pflog_clone_destroy(struct ifnet *);
 int	pflog_clone_create(struct if_clone *, int);
 #else
@@ -115,11 +115,11 @@ int	pflogioctl(struct ifnet *, u_long, caddr_t);
 void	pflogrtrequest(int, struct rtentry *, struct sockaddr *);
 void	pflogstart(struct ifnet *);
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 extern int ifqmaxlen;
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 static MALLOC_DEFINE(M_PFLOG, PFLOGNAME, "Packet Filter Logging Interface");
 static LIST_HEAD(pflog_list, pflog_softc) pflog_list;
 struct if_clone pflog_cloner = IF_CLONE_INITIALIZER(PFLOGNAME,
@@ -142,9 +142,7 @@ pflog_clone_destroy(struct ifnet *ifp)
 	LIST_REMOVE(sc, sc_next);
 	free(sc, M_PFLOG);
 }
-#endif /* __FreeBSD__ */
 
-#if defined(__FreeBSD__)
 int
 pflog_clone_create(struct if_clone *ifc, int unit)
 {
@@ -226,12 +224,12 @@ pflogstart(struct ifnet *ifp)
 #endif
 	int s;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	ifq = &ifp->if_snd;
 #endif
 	for (;;) {
 		s = splimp();
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		IF_LOCK(ifq);
 		_IF_DROP(ifq);
 		_IF_DEQUEUE(ifq, m);
@@ -339,7 +337,7 @@ pflog_packet(struct ifnet *ifp, struct mbuf *m, sa_family_t af, u_int8_t dir,
 	m1.m_len = PFLOG_HDRLEN;
 	m1.m_data = (char *) &hdr;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT((!LIST_EMPTY(&pflog_list)), ("pflog: no interface"));
 	ifn = &LIST_FIRST(&pflog_list)->sc_if;
 #else
@@ -353,7 +351,7 @@ pflog_packet(struct ifnet *ifp, struct mbuf *m, sa_family_t af, u_int8_t dir,
 	return (0);
 }
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 static int
 pflog_modevent(module_t mod, int type, void *data)
 {
diff --git a/sys/contrib/pf/net/if_pflog.h b/sys/contrib/pf/net/if_pflog.h
index 22a85eaee3e9..e5982399e6d8 100644
--- a/sys/contrib/pf/net/if_pflog.h
+++ b/sys/contrib/pf/net/if_pflog.h
@@ -30,7 +30,7 @@
 
 struct pflog_softc {
 	struct ifnet	sc_if;  /* the interface */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	LIST_ENTRY(pflog_softc) sc_next;
 #endif
 };
diff --git a/sys/contrib/pf/net/if_pfsync.c b/sys/contrib/pf/net/if_pfsync.c
index 0d50a2e12bb6..dbef4e68727e 100644
--- a/sys/contrib/pf/net/if_pfsync.c
+++ b/sys/contrib/pf/net/if_pfsync.c
@@ -27,19 +27,19 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#if defined(__FreeBSD__) && __FreeBSD__ >= 5
+#ifdef __FreeBSD__
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #endif
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 #include "bpfilter.h"
 #include "pfsync.h"
 #elif __FreeBSD__ >= 5
 #include "opt_bpf.h"
-#define NBPFILTER DEV_BPF
 #include "opt_pf.h"
-#define NPFSYNC DEV_PFSYNC
+#define	NBPFILTER	DEV_BPF
+#define	NPFSYNC		DEV_PFSYNC
 #endif
 
 #include <sys/param.h>
@@ -47,7 +47,7 @@
 #include <sys/time.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <sys/kernel.h>
 #include <sys/malloc.h>
 #include <sys/sockio.h>
@@ -76,8 +76,8 @@
 #include <net/pfvar.h>
 #include <net/if_pfsync.h>
 
-#if defined(__FreeBSD__)
-#define PFSYNCNAME	"pfsync"
+#ifdef __FreeBSD__
+#define	PFSYNCNAME	"pfsync"
 #endif
 
 #define PFSYNC_MINMTU	\
@@ -90,11 +90,11 @@ int pfsyncdebug;
 #define DPRINTF(x)
 #endif
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 struct pfsync_softc pfsyncif;
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 void	pfsync_clone_destroy(struct ifnet *);
 int	pfsync_clone_create(struct if_clone *, int);
 #else
@@ -110,11 +110,11 @@ struct mbuf *pfsync_get_mbuf(struct pfsync_softc *sc, u_int8_t action);
 int	pfsync_sendout(struct pfsync_softc *sc);
 void	pfsync_timeout(void *v);
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 extern int ifqmaxlen;
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 static MALLOC_DEFINE(M_PFSYNC, PFSYNCNAME, "Packet Filter State Sync. Interface");
 static LIST_HEAD(pfsync_list, pfsync_softc) pfsync_list;
 struct if_clone pfsync_cloner = IF_CLONE_INITIALIZER(PFSYNCNAME,
@@ -140,9 +140,7 @@ pfsync_clone_destroy(struct ifnet *ifp)
         LIST_REMOVE(sc, sc_next);
         free(sc, M_PFSYNC);
 }
-#endif /* __FreeBSD__ */
 
-#if defined(__FreeBSD__)
 int
 pfsync_clone_create(struct if_clone *ifc, int unit)
 {
@@ -226,12 +224,12 @@ pfsyncstart(struct ifnet *ifp)
 #endif
 	int s;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	ifq = &ifp->if_snd;
 #endif
 	for (;;) {
 		s = splimp();
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		IF_LOCK(ifq);
 		_IF_DROP(ifq);
 		_IF_DEQUEUE(ifq, m);
@@ -309,7 +307,7 @@ pfsync_get_mbuf(sc, action)
 	struct pfsync_softc *sc;
 	u_int8_t action;
 {
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 	extern int hz;
 #endif
 	struct pfsync_header *h;
@@ -342,7 +340,7 @@ pfsync_get_mbuf(sc, action)
 
 	sc->sc_mbuf = m;
 	sc->sc_ptr = (struct pf_state *)((char *)h + PFSYNC_HDRLEN);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	callout_reset(&sc->sc_tmo, hz, pfsync_timeout,
 	    LIST_FIRST(&pfsync_list));
 #else
@@ -361,7 +359,7 @@ pfsync_pack_state(action, st)
 	u_int8_t action;
 	struct pf_state *st;
 {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	struct pfsync_softc *sc = LIST_FIRST(&pfsync_list);
 #else
 	extern struct timeval time;
@@ -378,11 +376,11 @@ pfsync_pack_state(action, st)
 	if (action >= PFSYNC_ACT_MAX)
 		return (EINVAL);
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	/*
 	 * XXX
 	 *  If we need to check mutex owned, PF_LOCK should be
-	 * declared in pflog.ko. :-(
+	 * declared in pflog.ko.
 	 *
 	 * PF_LOCK_ASSERT();
 	 */
@@ -420,7 +418,7 @@ pfsync_pack_state(action, st)
 	pf_state_peer_hton(&st->dst, &sp->dst);
 
 	bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr));
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	secs = time_second;
 #else
 	secs = time.tv_sec;
@@ -456,7 +454,7 @@ int
 pfsync_clear_state(st)
 	struct pf_state *st;
 {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	struct pfsync_softc *sc = LIST_FIRST(&pfsync_list);
 #else
 	struct ifnet *ifp = &pfsyncif.sc_if;
@@ -495,7 +493,7 @@ pfsync_sendout(sc)
 	struct ifnet *ifp = &sc->sc_if;
 	struct mbuf *m = sc->sc_mbuf;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	callout_stop(&sc->sc_tmo);
 #else
 	timeout_del(&sc->sc_tmo);
@@ -503,7 +501,7 @@ pfsync_sendout(sc)
 	sc->sc_mbuf = NULL;
 	sc->sc_ptr = NULL;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT(m != NULL, ("pfsync_sendout: null mbuf"));
 #endif
 #if NBPFILTER > 0
@@ -517,7 +515,7 @@ pfsync_sendout(sc)
 }
 
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 static int
 pfsync_modevent(module_t mod, int type, void *data)
 {
diff --git a/sys/contrib/pf/net/if_pfsync.h b/sys/contrib/pf/net/if_pfsync.h
index ec1d74e230b3..23539ba79e5d 100644
--- a/sys/contrib/pf/net/if_pfsync.h
+++ b/sys/contrib/pf/net/if_pfsync.h
@@ -34,7 +34,7 @@
 struct pfsync_softc {
 	struct ifnet	sc_if;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	struct callout	sc_tmo;
 #else
 	struct timeout	sc_tmo;
@@ -42,7 +42,7 @@ struct pfsync_softc {
 	struct mbuf	*sc_mbuf;	/* current cummulative mbuf */
 	struct pf_state	*sc_ptr;	/* current ongoing state */
 	int		 sc_count;	/* number of states in one mtu */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	LIST_ENTRY(pfsync_softc) sc_next;
 #endif
 };
diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c
index d1fc74bba12b..ca6a86a0f4e0 100644
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -35,17 +35,17 @@
  *
  */
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #endif
 
-#if defined(__FreeBSD__) && __FreeBSD__ >= 5
+#ifdef __FreeBSD__
 #include "opt_bpf.h"
-#define NBPFILTER DEV_BPF
 #include "opt_pf.h"
-#define NPFLOG DEV_PFLOG
-#define NPFSYNC DEV_PFSYNC
+#define	NBPFILTER	DEV_BPF
+#define	NPFLOG		DEV_PFLOG
+#define	NPFSYNC		DEV_PFSYNC
 #else
 #include "bpfilter.h"
 #include "pflog.h"
@@ -60,7 +60,7 @@
 #include <sys/socketvar.h>
 #include <sys/kernel.h>
 #include <sys/time.h>
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <sys/sysctl.h>
 #else
 #include <sys/pool.h>
@@ -86,7 +86,7 @@
 #include <netinet/udp_var.h>
 #include <netinet/icmp_var.h>
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 #include <dev/rndvar.h>
 #endif
 #include <net/pfvar.h>
@@ -98,7 +98,7 @@
 #include <netinet/in_pcb.h>
 #include <netinet/icmp6.h>
 #include <netinet6/nd6.h>
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <netinet6/ip6_var.h>
 #include <netinet6/in6_pcb.h>
 #endif
@@ -108,7 +108,7 @@
 #include <altq/if_altq.h>
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <machine/in_cksum.h>
 #if (__FreeBSD_version >= 500112)
 #include <sys/limits.h>
@@ -118,7 +118,7 @@
 #include <sys/ucred.h>
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 extern int ip_optcopy(struct ip *, struct ip *);
 #if (__FreeBSD_version < 501105)
 int ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu,
@@ -146,14 +146,14 @@ u_int32_t		 ticket_altqs_active;
 u_int32_t		 ticket_altqs_inactive;
 u_int32_t		 ticket_pabuf;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 struct callout	 	 pf_expire_to;			/* expire timeout */
 #else
 struct timeout		 pf_expire_to;			/* expire timeout */
 #endif
 
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 uma_zone_t		 pf_tree_pl, pf_rule_pl, pf_addr_pl;
 uma_zone_t		 pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
 #else
@@ -162,8 +162,8 @@ struct pool		 pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
 #endif
 
 void			 pf_dynaddr_update(void *);
-#if defined(__FreeBSD__) && defined(HOOK_HACK)
-void			pf_dynaddr_update_event(void *arg, struct ifnet *ifp);
+#ifdef __FreeBSD__
+void			 pf_dynaddr_update_event(void *arg, struct ifnet *ifp);
 #endif
 void			 pf_print_host(struct pf_addr *, u_int16_t, u_int8_t);
 void			 pf_print_state(struct pf_state *);
@@ -259,11 +259,9 @@ int			 pf_check_proto_cksum(struct mbuf *, int, int,
 int			 pf_addr_wrap_neq(struct pf_addr_wrap *,
 			    struct pf_addr_wrap *);
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 int in4_cksum(struct mbuf *m, u_int8_t nxt, int off, int len);
-#endif
 
-#if defined(__FreeBSD__)
 struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX];
 #else
 struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] =
@@ -302,7 +300,7 @@ static __inline int pf_state_compare(struct pf_tree_node *,
 struct pf_state_tree tree_lan_ext, tree_ext_gwy;
 RB_GENERATE(pf_state_tree, pf_tree_node, entry, pf_state_compare);
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 static int
 #else
 static __inline int
@@ -488,25 +486,25 @@ pf_insert_state(struct pf_state *state)
 void
 pf_purge_timeout(void *arg)
 {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	struct callout  *to = arg;
 #else
 	struct timeout	*to = arg;
 #endif
 	int		 s;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	PF_LOCK();
 #endif
 	s = splsoftnet();
 	pf_purge_expired_states();
 	pf_purge_expired_fragments();
 	splx(s);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	PF_UNLOCK();
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	callout_reset(to, pf_default_rule.timeout[PFTM_INTERVAL] * hz,
 	    pf_purge_timeout, to);
 #else
@@ -524,14 +522,14 @@ pf_state_expires(const struct pf_state *state)
 
 	/* handle all PFTM_* > PFTM_MAX here */
 	if (state->timeout == PFTM_PURGE)
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		return (time_second);
 #else
 		return (time.tv_sec);
 #endif
 	if (state->timeout == PFTM_UNTIL_PACKET)
 		return (0);
-#if defined(__FreeBSD__)	
+#ifdef __FreeBSD__	
 	KASSERT((state->timeout < PFTM_MAX), 
 	    ("pf_state_expires: timeout > PFTM_MAX"));
 #else
@@ -554,7 +552,7 @@ pf_state_expires(const struct pf_state *state)
 			return (state->expire + timeout * (end - states) /
 			    (end - start));
 		else
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			return (time_second);
 #else
 			return (time.tv_sec);
@@ -572,7 +570,7 @@ pf_purge_expired_states(void)
 	for (cur = RB_MIN(pf_state_tree, &tree_ext_gwy); cur; cur = next) {
 		next = RB_NEXT(pf_state_tree, &tree_ext_gwy, cur);
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (pf_state_expires(cur->state) <= (u_int32_t)time_second) {
 #else
 		if (pf_state_expires(cur->state) <= time.tv_sec) {
@@ -602,7 +600,7 @@ pf_purge_expired_states(void)
 			key.port[1] = cur->state->ext.port;
 
 			peer = RB_FIND(pf_state_tree, &tree_lan_ext, &key);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			KASSERT((peer), ("peer null :%s", __FUNCTION__));
 			KASSERT((peer->state == cur->state),
 			   ("peer->state != cur->state: %s", __FUNCTION__));
@@ -686,7 +684,7 @@ pf_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
 	aw->p.dyn->addr = &aw->v.a.addr;
 	aw->p.dyn->af = af;
 	aw->p.dyn->undefined = 1;
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 	aw->p.dyn->hook_cookie = hook_establish(
 	    aw->p.dyn->ifp->if_addrhooks, 1,
 	    pf_dynaddr_update, aw->p.dyn);
@@ -695,7 +693,7 @@ pf_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
 		aw->p.dyn = NULL;
 		return (1);
 	}
-#elif defined(__FreeBSD__) && defined(HOOK_HACK)
+#else
 	PF_UNLOCK();
 	aw->p.dyn->hook_cookie = EVENTHANDLER_REGISTER(ifaddr_event,
 	    pf_dynaddr_update_event, aw->p.dyn, EVENTHANDLER_PRI_ANY);
@@ -705,26 +703,12 @@ pf_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
 		aw->p.dyn = NULL;
 		return (1);
 	}
-#else
-	/*
-	 * XXX
-	 * We have no hook_establish(9)/dohooks(9) kernel interfaces.
-	 * This means that we do not aware of interface address changes(add,
-	 * remove, etc). User should update pf rule manually after interface
-	 * address changed. This may not be possible solution if you use xDSL.
-	 * ipfw/ipfw2's approach with this situation(with me keyword) is not
-	 * very efficient due to analyzing interface address during runtime.
-	 * Another solution is to use a user-land daemon watching address
-	 * changes with socket interface. Neither one is good.
-	 * Supporting hook_establish(9) requries modification of in_control()
-	 * located in netinet/in.c.
-	 */
 #endif
 	pf_dynaddr_update(aw->p.dyn);
 	return (0);
 }
 
-#if defined(__FreeBSD__) && defined(HOOK_HACK)
+#ifdef __FreeBSD__
 void
 pf_dynaddr_update_event(void *arg, struct ifnet *ifp)
 {
@@ -784,19 +768,13 @@ pf_dynaddr_remove(struct pf_addr_wrap *aw)
 {
 	if (aw->type != PF_ADDR_DYNIFTL || aw->p.dyn == NULL)
 		return;
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 	hook_disestablish(aw->p.dyn->ifp->if_addrhooks,
 	    aw->p.dyn->hook_cookie);
-#elif defined(__FreeBSD__) && defined(HOOK_HACK)
+#else
 	PF_UNLOCK();
 	EVENTHANDLER_DEREGISTER(ifaddr_event, aw->p.dyn->hook_cookie);
 	PF_LOCK();
-#else
-	/*
-	 * XXX
-	 * We have no hook_establish(9)/dohooks(9) kernel interfaces.
-	 * See comments above function, pf_dynaddr_setup().
-	 */
 #endif
 	pool_put(&pf_addr_pl, aw->p.dyn);
 	aw->p.dyn = NULL;
@@ -1252,7 +1230,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
 	struct ip6_hdr	*h6;
 #endif /* INET6 */
 	struct tcphdr	*th;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	struct ip 	*ip;
 #if (__FreeBSD_version < 501114)
 	struct route 	 ro;
@@ -1363,15 +1341,15 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
 		h->ip_v = 4;
 		h->ip_hl = sizeof(*h) >> 2;
 		h->ip_tos = IPTOS_LOWDELAY;
-#if defined(__FreeBSD__)
-                h->ip_off = htons(path_mtu_discovery ? IP_DF : 0);
+#ifdef __FreeBSD__
+		h->ip_off = htons(path_mtu_discovery ? IP_DF : 0);
 #else
 		h->ip_off = htons(ip_mtudisc ? IP_DF : 0);
 #endif
 		h->ip_len = htons(len);
 		h->ip_ttl = ttl ? ttl : ip_defttl;
 		h->ip_sum = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		ip = mtod(m, struct ip *);
 		/*
 		 * XXX
@@ -1412,7 +1390,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
 		h6->ip6_vfc |= IPV6_VERSION;
 		h6->ip6_hlim = IPV6_DEFHLIM;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 		ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL);
 		PF_LOCK();
@@ -1430,14 +1408,14 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af,
 {
 	struct m_tag	*mtag;
 	struct mbuf	*m0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	struct ip *ip;
 #endif
 
 	mtag = m_tag_get(PACKET_TAG_PF_GENERATED, 0, M_NOWAIT);
 	if (mtag == NULL)
 		return;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	m0 = m_copypacket(m, M_DONTWAIT);
 #else
 	m0 = m_copy(m, 0, M_COPYALL);
@@ -1467,7 +1445,7 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af,
 	switch (af) {
 #ifdef INET
 	case AF_INET:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		/* icmp_error() expects host byte ordering */
 		ip = mtod(m0, struct ip *);
 		NTOHS(ip->ip_len);
@@ -1475,18 +1453,18 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af,
 		PF_UNLOCK();
 #endif
 		icmp_error(m0, type, code, 0, NULL);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_LOCK();
 #endif
 		break;
 #endif /* INET */
 #ifdef INET6
 	case AF_INET6:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 #endif
 		icmp6_error(m0, type, code, 0);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_LOCK();
 #endif
 		break;
@@ -2156,7 +2134,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, sa_family_t af,
 {
 	struct pf_addr		*saddr, *daddr;
 	u_int16_t		 sport, dport;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	struct inpcbinfo	*pi;
 #else
 	struct inpcbtable	*tb;
@@ -2169,7 +2147,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, sa_family_t af,
 	case IPPROTO_TCP:
 		sport = pd->hdr.tcp->th_sport;
 		dport = pd->hdr.tcp->th_dport;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		pi = &tcbinfo;
 #else
 		tb = &tcbtable;
@@ -2178,7 +2156,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, sa_family_t af,
 	case IPPROTO_UDP:
 		sport = pd->hdr.udp->uh_sport;
 		dport = pd->hdr.udp->uh_dport;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		pi = &udbinfo;
 #else
 		tb = &udbtable;
@@ -2201,7 +2179,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, sa_family_t af,
 	}
 	switch(af) {
 	case AF_INET:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #if (__FreeBSD_version >= 500043)
 		INP_INFO_RLOCK(pi);	/* XXX LOR */
 #endif
@@ -2229,7 +2207,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, sa_family_t af,
 		break;
 #ifdef INET6
 	case AF_INET6:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #if (__FreeBSD_version >= 500043)
 		INP_INFO_RLOCK(pi);
 #endif
@@ -2261,7 +2239,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, sa_family_t af,
 	default:
 		return (0);
 	}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #if (__FreeBSD_version >= 500043)
 	INP_LOCK(inp);
 #endif
@@ -2377,7 +2355,7 @@ pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer)
 		dst->sin_family = AF_INET;
 		dst->sin_len = sizeof(*dst);
 		dst->sin_addr = addr->v4;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #ifdef RTF_PRCLONING
 		rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING));
 #else /* !RTF_PRCLONING */
@@ -2397,7 +2375,7 @@ pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer)
 		dst6->sin6_family = AF_INET6;
 		dst6->sin6_len = sizeof(*dst6);
 		dst6->sin6_addr = addr->v6;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #ifdef RTF_PRCLONING
 		rtalloc_ign((struct route *)&ro6,
 		    (RTF_CLONING | RTF_PRCLONING));
@@ -2712,7 +2690,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
 		s->dst.max_win = 1;
 		s->src.state = TCPS_SYN_SENT;
 		s->dst.state = TCPS_CLOSED;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		s->creation = time_second;
 		s->expire = time_second;
 #else
@@ -2989,7 +2967,7 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
 		}
 		s->src.state = PFUDPS_SINGLE;
 		s->dst.state = PFUDPS_NO_TRAFFIC;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		s->creation = time_second;
 		s->expire = time_second;
 #else
@@ -3243,7 +3221,7 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
 			s->gwy.port = icmpid;
 		}
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		s->creation = time_second;
 		s->expire = time_second;
 #else
@@ -3475,7 +3453,7 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
 		}
 		s->src.state = PFOTHERS_SINGLE;
 		s->dst.state = PFOTHERS_NO_TRAFFIC;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		s->creation = time_second;
 		s->expire = time_second;
 #else
@@ -3839,7 +3817,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp,
 			src->state = dst->state = TCPS_TIME_WAIT;
 
 		/* update expire time */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		(*state)->expire = time_second;
 #else
 		(*state)->expire = time.tv_sec;
@@ -4041,7 +4019,7 @@ pf_test_state_udp(struct pf_state **state, int direction, struct ifnet *ifp,
 		dst->state = PFUDPS_MULTIPLE;
 
 	/* update expire time */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	(*state)->expire = time_second;
 #else
 	(*state)->expire = time.tv_sec;
@@ -4136,7 +4114,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
 		dirndx = (direction == (*state)->direction) ? 0 : 1;
 		(*state)->packets[dirndx]++;
 		(*state)->bytes[dirndx] += pd->tot_len;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		(*state)->expire = time_second;
 #else
 		(*state)->expire = time.tv_sec;
@@ -4643,7 +4621,7 @@ pf_test_state_other(struct pf_state **state, int direction, struct ifnet *ifp,
 		dst->state = PFOTHERS_MULTIPLE;
 
 	/* update expire time */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	(*state)->expire = time_second;
 #else
 	(*state)->expire = time.tv_sec;
@@ -4762,7 +4740,7 @@ pf_routable(struct pf_addr *addr, sa_family_t af)
 	dst->sin_family = af;
 	dst->sin_len = sizeof(*dst);
 	dst->sin_addr = addr->v4;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #ifdef RTF_PRCLONING
 	rtalloc_ign(&ro, (RTF_CLONING|RTF_PRCLONING));
 #else /* !RTF_PRCLONING */
@@ -4956,7 +4934,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	struct m_tag		*mtag;
 	struct pf_addr		 naddr;
 	int			 error = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int sw_csum;
 #endif
 
@@ -4973,7 +4951,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 				goto bad;
 			m_tag_prepend(m0, mtag);
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		m0 = m_dup(*m, M_DONTWAIT);
 #else
 		m0 = m_copym2(*m, 0, M_COPYALL, M_NOWAIT);
@@ -5041,7 +5019,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	}
 
 	if (oifp != ifp && mtag == NULL) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 		if (pf_test(PF_OUT, ifp, &m0) != PF_PASS) {
 			PF_LOCK();
@@ -5062,7 +5040,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 		ip = mtod(m0, struct ip *);
 	}
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	/* Copied from FreeBSD 5.1-CURRENT ip_output. */
 	m0->m_pkthdr.csum_flags |= CSUM_IP;
 	sw_csum = m0->m_pkthdr.csum_flags & ~ifp->if_hwassist;
@@ -5129,7 +5107,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	if (ip->ip_off & htons(IP_DF)) {
 		ipstat.ips_cantfrag++;
 		if (r->rt != PF_DUPTO) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			/* icmp_error() expects host byte ordering */
 			NTOHS(ip->ip_len);
 			NTOHS(ip->ip_off);
@@ -5137,7 +5115,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 #endif
 			icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0,
 			    ifp);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_LOCK();
 #endif
 			goto done;
@@ -5146,7 +5124,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	}
 
 	m1 = m0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	/*
 	 * XXX: is cheaper + less error prone than own function
 	 */
@@ -5156,7 +5134,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 #else
 	error = ip_fragment(m0, ifp, ifp->if_mtu);
 #endif
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	if (error)
 #else
 	if (error == EMSGSIZE)
@@ -5166,7 +5144,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	for (m0 = m1; m0; m0 = m1) {
 		m1 = m0->m_nextpkt;
 		m0->m_nextpkt = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (error == 0) {
 			PF_UNLOCK();
 			error = (*ifp->if_output)(ifp, m0, sintosa(dst),
@@ -5226,7 +5204,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 				goto bad;
 			m_tag_prepend(m0, mtag);
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		m0 = m_dup(*m, M_DONTWAIT);
 #else
 		m0 = m_copym2(*m, 0, M_COPYALL, M_NOWAIT);
@@ -5256,7 +5234,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 		if (mtag == NULL)
 			goto bad;
 		m_tag_prepend(m0, mtag);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 		ip6_output(m0, NULL, NULL, 0, NULL, NULL, NULL);
 		PF_LOCK();
@@ -5292,7 +5270,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 			if (mtag == NULL)
 				goto bad;
 			m_tag_prepend(m0, mtag);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_UNLOCK();
 			if (pf_test6(PF_OUT, ifp, &m0) != PF_PASS) {
 				PF_LOCK();
@@ -5318,16 +5296,16 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	if (IN6_IS_ADDR_LINKLOCAL(&dst->sin6_addr))
 		dst->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
 	if ((u_long)m0->m_pkthdr.len <= ifp->if_mtu) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 #endif
 		error = nd6_output(ifp, ifp, m0, dst, NULL);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_LOCK();
 #endif
 	} else {
 		in6_ifstat_inc(ifp, ifs6_in_toobig);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (r->rt != PF_DUPTO) {
 			PF_UNLOCK();
 			icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu);
@@ -5353,7 +5331,7 @@ bad:
 #endif /* INET6 */
 
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 /*
  * XXX
  * FreeBSD supports cksum offload for the following drivers.
@@ -5585,12 +5563,12 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
 	int		   off;
 	int		   pqid = 0;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	PF_LOCK();
 #endif
 	if (!pf_status.running ||
 	    (m_tag_find(m, PACKET_TAG_PF_GENERATED, NULL) != NULL)) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 #endif
 	    	return (PF_PASS);
@@ -5805,7 +5783,7 @@ done:
 		/* pf_route can free the mbuf causing *m0 to become NULL */
 		pf_route(m0, r, dir, ifp, s);
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	PF_UNLOCK();
 #endif
 
@@ -5826,13 +5804,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
 	struct pf_pdesc    pd;
 	int		   off, terminal = 0;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	PF_LOCK();
 #endif
 
 	if (!pf_status.running ||
 	    (m_tag_find(m, PACKET_TAG_PF_GENERATED, NULL) != NULL)) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 #endif
 		return (PF_PASS);
@@ -6051,7 +6029,7 @@ done:
 		/* pf_route6 can free the mbuf causing *m0 to become NULL */
 		pf_route6(m0, r, dir, ifp, s);
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	PF_UNLOCK();
 #endif
 	return (action);
diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c
index b379275c6b47..8b63d51d1540 100644
--- a/sys/contrib/pf/net/pf_ioctl.c
+++ b/sys/contrib/pf/net/pf_ioctl.c
@@ -35,7 +35,7 @@
  *
  */
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #endif
@@ -50,7 +50,7 @@
 #include <sys/kernel.h>
 #include <sys/time.h>
 #include <sys/malloc.h>
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <sys/conf.h>
 #else
 #include <sys/timeout.h>
@@ -82,7 +82,7 @@
 #include <altq/altq.h>
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #if (__FreeBSD_version >= 500112)
 #include <sys/limits.h>
 #else
@@ -96,7 +96,7 @@
 #include <net/pfil.h>
 #endif /* __FreeBSD__ */
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 void			 init_zone_var(void);
 void			 cleanup_pf_zone(void);
 int			 pfattach(void);
@@ -111,16 +111,16 @@ int			 pf_get_ruleset_number(u_int8_t);
 void			 pf_init_ruleset(struct pf_ruleset *);
 void			 pf_mv_pool(struct pf_palist *, struct pf_palist *);
 void			 pf_empty_pool(struct pf_palist *);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 int			 pfioctl(dev_t, u_long, caddr_t, int, struct thread *);
 #else
 int			 pfioctl(dev_t, u_long, caddr_t, int, struct proc *);
 #endif
 
-#if defined(__FreeBSD__)
-extern struct callout pf_expire_to;
+#ifdef __FreeBSD__
+extern struct callout	 pf_expire_to;
 #if __FreeBSD_version < 501108
-extern struct protosw inetsw[];
+extern struct protosw	 inetsw[];
 #endif
 #else
 extern struct timeout	 pf_expire_to;
@@ -134,7 +134,7 @@ TAILQ_HEAD(pf_tags, pf_tagname)	pf_tags = TAILQ_HEAD_INITIALIZER(pf_tags);
 #define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x
 
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 static dev_t		pf_dev;
 
 /*
@@ -142,7 +142,7 @@ static dev_t		pf_dev;
  */
 static int pf_beginrules(void *addr);
 static int pf_commitrules(void *addr);
-#if defined(ALTQ)
+#ifdef ALTQ
 static int pf_beginaltqs(void *addr);
 static int pf_commitaltqs(void *addr);
 static int pf_stopaltq(void);
@@ -158,7 +158,7 @@ static int pf_check_in(void *ip, int hlen, struct ifnet *ifp, int dir,
 		struct mbuf **m);
 static int pf_check_out(void *ip, int hlen, struct ifnet *ifp, int dir,
 		struct mbuf **m);
-#if defined(INET6)
+#ifdef INET6
 static int pf_check6_in(void *ip, int hlen, struct ifnet *ifp, int dir,
 		struct mbuf **m);
 static int pf_check6_out(void *ip, int hlen, struct ifnet *ifp, int dir,
@@ -169,7 +169,7 @@ static int pf_check_in(void *arg, struct mbuf **m, struct ifnet *ifp,
 		int dir);
 static int pf_check_out(void *arg, struct mbuf **m, struct ifnet *ifp,
 		int dir);
-#if defined(INET6)
+#ifdef INET6
 static int pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp,
 		int dir);
 static int pf_check6_out(void *arg, struct mbuf **m, struct ifnet *ifp,
@@ -220,9 +220,7 @@ static struct cdevsw pf_cdevsw = {
 	.d_version =	D_VERSION,
 #endif
 };
-#endif /* __FreeBSD__ */
 
-#if defined(__FreeBSD__)
 static volatile int pf_pfil_hooked = 0;
 struct mtx pf_task_mtx;
 
@@ -279,9 +277,7 @@ cleanup_pf_zone(void)
 	UMA_DESTROY(pfr_kentry_pl);
 	UMA_DESTROY(pf_state_scrub_pl);
 }
-#endif /* __FreeBSD__ */
 
-#if defined(__FreeBSD__)
 int
 pfattach(void)
 {
@@ -433,9 +429,7 @@ pfattach(int num)
 	pf_normalize_init();
 	pf_status.debug = PF_DEBUG_URGENT;
 }
-#endif /* __FreeBSD__ */
 
-#if !defined(__FreeBSD__)
 int
 pfopen(dev_t dev, int flags, int fmt, struct proc *p)
 {
@@ -443,9 +437,7 @@ pfopen(dev_t dev, int flags, int fmt, struct proc *p)
 		return (ENXIO);
 	return (0);
 }
-#endif
 
-#if !defined(__FreeBSD__)
 int
 pfclose(dev_t dev, int flags, int fmt, struct proc *p)
 {
@@ -453,7 +445,7 @@ pfclose(dev_t dev, int flags, int fmt, struct proc *p)
 		return (ENXIO);
 	return (0);
 }
-#endif
+#endif /* __FreeBSD__ */
 
 struct pf_pool *
 pf_get_pool(char *anchorname, char *rulesetname, u_int32_t ticket,
@@ -786,7 +778,7 @@ pf_tag_unref(u_int16_t tag)
 	}
 }
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 int
 pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct thread *td)
 #else
@@ -835,7 +827,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		case DIOCRCLRASTATS:
 		case DIOCRTSTADDRS:
 		case DIOCOSFPGET:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		case DIOCGIFSPEED:
 #endif
 			break;
@@ -867,7 +859,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		case DIOCRGETASTATS:
 		case DIOCRTSTADDRS:
 		case DIOCOSFPGET:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		case DIOCGIFSPEED:
 #endif
 			break;
@@ -875,7 +867,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			return (EACCES);
 		}
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	PF_LOCK();
 #endif
 
@@ -886,7 +878,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			error = EEXIST;
 		else {
 			u_int32_t states = pf_status.states;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_UNLOCK();
 			error = hook_pf();
 			PF_LOCK();
@@ -899,7 +891,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			bzero(&pf_status, sizeof(struct pf_status));
 			pf_status.running = 1;
 			pf_status.states = states;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			pf_status.since = time_second;
 #else
 			pf_status.since = time.tv_sec;
@@ -921,7 +913,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			error = ENOENT;
 		else {
 			pf_status.running = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_UNLOCK();
 			error = dehook_pf();
 			PF_LOCK();
@@ -1440,7 +1432,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		state->nat_rule.ptr = NULL;
 		state->anchor.ptr = NULL;
 		state->rt_ifp = NULL;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		state->creation = time_second;
 #else
 		state->creation = time.tv_sec;
@@ -1480,7 +1472,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		    -1 : n->state->anchor.ptr->nr;
 		splx(s);
 		ps->state.expire = pf_state_expires(n->state);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (ps->state.expire > time_second)
 			ps->state.expire -= time_second;
 #else
@@ -1505,7 +1497,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 				nr++;
 			splx(s);
 			ps->ps_len = sizeof(struct pf_state) * nr;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_UNLOCK();
 #endif
 			return (0);
@@ -1514,7 +1506,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		s = splsoftnet();
 		p = ps->ps_states;
 		RB_FOREACH(n, pf_state_tree, &tree_ext_gwy) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			int	secs = time_second;
 #else
 			int	secs = time.tv_sec;
@@ -1535,7 +1527,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 				pstore.expire -= secs;
 			else
 				pstore.expire = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_COPYOUT(&pstore, p, sizeof(*p), error);
 #else
 			error = copyout(&pstore, p, sizeof(*p));
@@ -1696,7 +1688,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			error = EINVAL;
 			goto fail;
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		uma_zone_set_max(pf_pool_limits[pl->index].pp, pl->limit);
 #else
 		if (pool_sethardlimit(pf_pool_limits[pl->index].pp,
@@ -1731,7 +1723,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		break;
 	}
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	case DIOCGIFSPEED: {
 		struct pf_ifspeed	*psp = (struct pf_ifspeed *)addr;
 		struct pf_ifspeed	ps;
@@ -1777,7 +1769,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 					break;
 			}
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (error == 0) {
 			mtx_lock(&pf_altq_mtx);
 			pfaltq_running = 1;
@@ -1818,7 +1810,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 					error = err;
 			}
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (error == 0) {
 			mtx_lock(&pf_altq_mtx);
 			pfaltq_running = 0;
@@ -1842,11 +1834,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			TAILQ_REMOVE(pf_altqs_inactive, altq, entries);
 			if (altq->qname[0] == 0) {
 				/* detach and destroy the discipline */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_UNLOCK();
 #endif
 				error = altq_remove(altq);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_LOCK();
 #endif
 			}
@@ -1885,11 +1877,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			}
 		}
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 #endif		
 		error = altq_add(altq);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_LOCK();
 #endif
 		if (error) {
@@ -1926,11 +1918,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		TAILQ_FOREACH(altq, pf_altqs_active, entries) {
 			if (altq->qname[0] == 0) {
 				/* attach the discipline */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_UNLOCK();
 #endif
 				error = altq_pfattach(altq);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_LOCK();
 #endif
 				if (error) {
@@ -1945,7 +1937,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			TAILQ_REMOVE(pf_altqs_inactive, altq, entries);
 			if (altq->qname[0] == 0) {
 				/* detach and destroy the discipline */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_UNLOCK();
 #endif
 				err = altq_pfdetach(altq);
@@ -1954,7 +1946,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 				err = altq_remove(altq);
 				if (err != 0 && error == 0)
 					error = err;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_LOCK();
 #endif
 			}
@@ -2042,11 +2034,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			splx(s);
 			break;
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_UNLOCK();
 #endif
 		error = altq_getqstats(altq, pq->buf, &nbytes);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_LOCK();
 #endif
 		splx(s);
@@ -2580,13 +2572,13 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		break;
 	}
 fail:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	PF_UNLOCK();
 #endif
 	return (error);
 }
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 /*
  * XXX - Check for version missmatch!!!
  */
@@ -2672,7 +2664,7 @@ pf_commitrules(void *addr)
 	return (error);
 }
 
-#if defined(ALTQ)
+#ifdef ALTQ
 static int
 pf_beginaltqs(void *addr)
 {
@@ -2684,12 +2676,12 @@ pf_beginaltqs(void *addr)
 	while ((altq = TAILQ_FIRST(pf_altqs_inactive)) != NULL) {
 		TAILQ_REMOVE(pf_altqs_inactive, altq, entries);
 		if (altq->qname[0] == 0) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_UNLOCK();
 #endif
 			/* detach and destroy the discipline */
 			error = altq_remove(altq);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_LOCK();
 #endif
 		}
@@ -2729,11 +2721,11 @@ pf_commitaltqs(void *addr)
 		TAILQ_FOREACH(altq, pf_altqs_active, entries) {
 			if (altq->qname[0] == 0) {
 				/* attach the discipline */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_UNLOCK();
 #endif
 				error = altq_pfattach(altq);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_LOCK();
 #endif
 				if (error) {
@@ -2748,7 +2740,7 @@ pf_commitaltqs(void *addr)
 			TAILQ_REMOVE(pf_altqs_inactive, altq, entries);
 			if (altq->qname[0] == 0) {
 				/* detach and destroy the discipline */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_UNLOCK();
 #endif
 				err = altq_pfdetach(altq);
@@ -2757,7 +2749,7 @@ pf_commitaltqs(void *addr)
 				err = altq_remove(altq);
 				if (err != 0 && error == 0)
 					error = err;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				PF_LOCK();
 #endif
 			}
@@ -2813,7 +2805,7 @@ pf_stopaltq(void)
 					error = err;
 			}
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (error == 0) {
 			mtx_lock(&pf_altq_mtx);
 			pfaltq_running = 0;
@@ -2860,7 +2852,7 @@ static int
 shutdown_pf(void)
 {
 	struct pfioc_rule pr;
-#if defined(ALTQ)
+#ifdef ALTQ
 	struct pfioc_altq pa;
 #endif
 	struct pfioc_table io;
@@ -2871,7 +2863,7 @@ shutdown_pf(void)
 	PF_LOCK();
 	pf_status.running = 0;
 	do {
-#if defined(ALTQ)
+#ifdef ALTQ
 		if ((error = pf_stopaltq())) {
 			DPFPRINTF(PF_DEBUG_MISC, 
 			    ("ALTQ: stop(%i)\n", error));
@@ -2943,7 +2935,7 @@ shutdown_pf(void)
 			break;
 		}
 
-#if defined(ALTQ)
+#ifdef ALTQ
 		bzero(&pa, sizeof(pa));
 		if ((error = pf_beginaltqs(&pa))) {
 			DPFPRINTF(PF_DEBUG_MISC, 
@@ -3104,7 +3096,7 @@ hook_pf(void)
 {
 #if (__FreeBSD_version >= 501108)
 	struct pfil_head *pfh_inet;
-#if defined(INET6)
+#ifdef INET6
 	struct pfil_head *pfh_inet6;
 #endif
 #endif
@@ -3126,7 +3118,7 @@ hook_pf(void)
 		&inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
 	pfil_add_hook(pf_check_out, PFIL_OUT,
 		&inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
-#if defined(INET6)
+#ifdef INET6
 	pfil_add_hook(pf_check6_in, PFIL_IN,
 		&inet6sw[ip6_protox[IPPROTO_IPV6]].pr_pfh);
 	pfil_add_hook(pf_check6_out, PFIL_OUT,
@@ -3138,7 +3130,7 @@ hook_pf(void)
 		return (ESRCH); /* XXX */
 	pfil_add_hook(pf_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
 	pfil_add_hook(pf_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet);
-#if defined(INET6)
+#ifdef INET6
 	pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
 	if (pfh_inet6 == NULL) {
 		pfil_remove_hook(pf_check_in, NULL, PFIL_IN | PFIL_WAITOK,
@@ -3161,7 +3153,7 @@ dehook_pf(void)
 {
 #if (__FreeBSD_version >= 501108)
 	struct pfil_head *pfh_inet;
-#if defined(INET6)
+#ifdef INET6
 	struct pfil_head *pfh_inet6;
 #endif
 #endif
@@ -3176,7 +3168,7 @@ dehook_pf(void)
 		&inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
 	pfil_remove_hook(pf_check_out, PFIL_OUT,
 		&inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
-#if defined(INET6)
+#ifdef INET6
 	pfil_remove_hook(pf_check6_in, PFIL_IN,
 		&inet6sw[ip6_protox[IPPROTO_IPV6]].pr_pfh);
 	pfil_remove_hook(pf_check6_out, PFIL_OUT,
@@ -3190,7 +3182,7 @@ dehook_pf(void)
 	    pfh_inet);
 	pfil_remove_hook(pf_check_out, NULL, PFIL_OUT | PFIL_WAITOK,
 	    pfh_inet);
-#if defined(INET6)
+#ifdef INET6
 	pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
 	if (pfh_inet6 == NULL)
 		return (ESRCH); /* XXX */
@@ -3216,7 +3208,7 @@ pf_load(void)
 		destroy_pf_mutex();
 		return (ENOMEM);
 	}
-#if defined(ALTQ)
+#ifdef ALTQ
 	mtx_lock(&pf_altq_mtx);
 	++pfaltq_ref;
 	mtx_unlock(&pf_altq_mtx);
@@ -3246,7 +3238,7 @@ pf_unload(void)
 	cleanup_pf_zone();
 	pf_osfp_cleanup();
 	destroy_dev(pf_dev);
-#if defined(ALTQ)
+#ifdef ALTQ
 	mtx_lock(&pf_altq_mtx);
 	--pfaltq_ref;
 	mtx_unlock(&pf_altq_mtx);
@@ -3284,7 +3276,7 @@ static moduledata_t pf_mod = {
 DECLARE_MODULE(pf, pf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
 MODULE_DEPEND(pf, pflog, PFLOG_MINVER, PFLOG_PREFVER, PFLOG_MAXVER);
 MODULE_DEPEND(pf, pfsync, PFSYNC_MINVER, PFSYNC_PREFVER, PFSYNC_MAXVER);
-#if defined(ALTQ)
+#ifdef ALTQ
 MODULE_DEPEND(pf, pfaltq, PFALTQ_MINVER, PFALTQ_PREFVER, PFALTQ_MAXVER);
 #endif
 MODULE_VERSION(pf, PF_MODVER);
diff --git a/sys/contrib/pf/net/pf_norm.c b/sys/contrib/pf/net/pf_norm.c
index f5607cee96e3..9bba4e839493 100644
--- a/sys/contrib/pf/net/pf_norm.c
+++ b/sys/contrib/pf/net/pf_norm.c
@@ -26,12 +26,12 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_random_ip_id.h"	/* or ip_var does not export it */
 #include "opt_pf.h"
-#define NPFLOG DEV_PFLOG
+#define	NPFLOG DEV_PFLOG
 #else
 #include "pflog.h"
 #endif
@@ -44,11 +44,9 @@
 #include <sys/socket.h>
 #include <sys/kernel.h>
 #include <sys/time.h>
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 #include <sys/pool.h>
-#endif
 
-#if !defined(__FreeBSD__)
 #include <dev/rndvar.h>
 #endif
 #include <net/if.h>
@@ -115,7 +113,7 @@ struct ip6_opt_router {
 } __packed;
 #endif /* __FreeBSD__ && INET6 */
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 struct pf_frent {
 	LIST_ENTRY(pf_frent) fr_next;
 	struct ip *fr_ip;
@@ -134,7 +132,7 @@ struct pf_frcache {
 #define PFFRAG_DROP	0x0004		/* Drop all fragments */
 #define BUFFER_FRAGMENTS(fr)	(!((fr)->fr_flags & PFFRAG_NOBUFFER))
 
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 struct pf_fragment {
 	RB_ENTRY(pf_fragment) fr_entry;
 	TAILQ_ENTRY(pf_fragment) frag_next;
@@ -184,7 +182,7 @@ int			 pf_normalize_tcpopt(struct pf_rule *, struct mbuf *,
 			    { printf("%s: ", __func__); printf x ;}
 
 /* Globals */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 uma_zone_t		 pf_frent_pl, pf_frag_pl, pf_cache_pl, pf_cent_pl;
 uma_zone_t		 pf_state_scrub_pl;
 #else
@@ -196,7 +194,7 @@ int			 pf_nfrents, pf_ncache;
 void
 pf_normalize_init(void)
 {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	/*
 	 * XXX
 	 * No high water mark support(It's hint not hard limit).
@@ -227,7 +225,7 @@ pf_normalize_init(void)
 	TAILQ_INIT(&pf_cachequeue);
 }
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 static int
 #else
 static __inline int
@@ -255,7 +253,7 @@ void
 pf_purge_expired_fragments(void)
 {
 	struct pf_fragment	*frag;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	u_int32_t		 expire = time_second - 
 				    pf_default_rule.timeout[PFTM_FRAG];
 #else
@@ -264,7 +262,7 @@ pf_purge_expired_fragments(void)
 #endif
 
 	while ((frag = TAILQ_LAST(&pf_fragqueue, pf_fragqueue)) != NULL) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		KASSERT((BUFFER_FRAGMENTS(frag)),
 			("BUFFER_FRAGMENTS(frag) == 0: %s", __FUNCTION__));
 #else
@@ -278,7 +276,7 @@ pf_purge_expired_fragments(void)
 	}
 
 	while ((frag = TAILQ_LAST(&pf_cachequeue, pf_cachequeue)) != NULL) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		KASSERT((!BUFFER_FRAGMENTS(frag)),
 			("BUFFER_FRAGMENTS(frag) != 0: %s", __FUNCTION__));
 #else
@@ -289,7 +287,7 @@ pf_purge_expired_fragments(void)
 
 		DPFPRINTF(("expiring %d(%p)\n", frag->fr_id, frag));
 		pf_free_fragment(frag);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		KASSERT((TAILQ_EMPTY(&pf_cachequeue) ||
 		    TAILQ_LAST(&pf_cachequeue, pf_cachequeue) != frag),
 		    ("!(TAILQ_EMPTY() || TAILQ_LAST() == farg): %s",
@@ -356,7 +354,7 @@ pf_free_fragment(struct pf_fragment *frag)
 		    frcache = LIST_FIRST(&frag->fr_cache)) {
 			LIST_REMOVE(frcache, fr_next);
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			KASSERT((LIST_EMPTY(&frag->fr_cache) ||
 			    LIST_FIRST(&frag->fr_cache)->fr_off >
 			    frcache->fr_end),
@@ -396,7 +394,7 @@ pf_find_fragment(struct ip *ip, struct pf_frag_tree *tree)
 	frag = RB_FIND(pf_frag_tree, tree, &key);
 	if (frag != NULL) {
 		/* XXX Are we sure we want to update the timeout? */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		frag->fr_timeout = time_second;
 #else
 		frag->fr_timeout = time.tv_sec;
@@ -443,7 +441,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment **frag,
 	u_int16_t	 ip_len = ntohs(ip->ip_len) - ip->ip_hl * 4;
 	u_int16_t	 max = ip_len + off;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT((*frag == NULL || BUFFER_FRAGMENTS(*frag)),
 	    ("! (*frag == NULL || BUFFER_FRAGMENTS(*frag)): %s", __FUNCTION__));
 #else
@@ -470,7 +468,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment **frag,
 		(*frag)->fr_dst = frent->fr_ip->ip_dst;
 		(*frag)->fr_p = frent->fr_ip->ip_p;
 		(*frag)->fr_id = frent->fr_ip->ip_id;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		(*frag)->fr_timeout = time_second;
 #else
 		(*frag)->fr_timeout = time.tv_sec;
@@ -495,7 +493,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment **frag,
 		frep = frea;
 	}
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT((frep != NULL || frea != NULL),
 	    ("!(frep != NULL || frea != NULL): %s", __FUNCTION__));;
 #else
@@ -585,7 +583,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment **frag,
 
 	/* We have all the data */
 	frent = LIST_FIRST(&(*frag)->fr_queue);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT((frent != NULL), ("frent == NULL: %s", __FUNCTION__));
 #else
 	KASSERT(frent != NULL);
@@ -658,7 +656,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 	u_int16_t		 max = ip_len + off;
 	int			 hosed = 0;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT((*frag == NULL || !BUFFER_FRAGMENTS(*frag)),
 	    ("!(*frag == NULL || !BUFFER_FRAGMENTS(*frag)): %s", __FUNCTION__));
 #else
@@ -690,7 +688,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 		(*frag)->fr_dst = h->ip_dst;
 		(*frag)->fr_p = h->ip_p;
 		(*frag)->fr_id = h->ip_id;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		(*frag)->fr_timeout = time_second;
 #else
 		(*frag)->fr_timeout = time.tv_sec;
@@ -720,7 +718,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 		frp = fra;
 	}
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT((frp != NULL || fra != NULL),
 	    ("!(frp != NULL || fra != NULL): %s", __FUNCTION__));
 #else
@@ -767,7 +765,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 				 * than this mbuf magic.  For my next trick,
 				 * I'll pull a rabbit out of my laptop.
 				 */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				*m0 = m_dup(m, M_DONTWAIT);
 				/* From KAME Project : We have missed this! */
 				m_adj(*m0, (h->ip_hl << 2) -
@@ -777,7 +775,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 #endif
 				if (*m0 == NULL)
 					goto no_mem;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				KASSERT(((*m0)->m_next == NULL), 
 				    ("(*m0)->m_next != NULL: %s", 
 				    __FUNCTION__));
@@ -798,7 +796,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 
 				h = mtod(m, struct ip *);
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				KASSERT(((int)m->m_len == ntohs(h->ip_len) - precut),
 				    ("m->m_len != ntohs(h->ip_len) - precut: %s",
 				    __FUNCTION__));
@@ -859,7 +857,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 					m->m_pkthdr.len = plen;
 				}
 				h = mtod(m, struct ip *);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				KASSERT(((int)m->m_len == ntohs(h->ip_len) - aftercut),
 				    ("m->m_len != ntohs(h->ip_len) - aftercut: %s",
 				    __FUNCTION__));
@@ -903,7 +901,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 
 			} else if (frp && fra->fr_off <= frp->fr_end) {
 				/* Need to merge in a modified 'frp' */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 				KASSERT((cur == NULL), ("cur != NULL: %s",
 				    __FUNCTION__));
 #else
@@ -1478,7 +1476,7 @@ pf_normalize_tcp_init(struct mbuf *m, int off, struct pf_pdesc *pd,
 	u_int8_t hdr[60];
 	u_int8_t *opt;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT((src->scrub == NULL), 
 	    ("pf_normalize_tcp_init: src->scrub != NULL"));
 #else
@@ -1567,7 +1565,7 @@ pf_normalize_tcp_stateful(struct mbuf *m, int off, struct pf_pdesc *pd,
 	u_int8_t *opt;
 	int copyback = 0;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	KASSERT((src->scrub || dst->scrub), 
 	    ("pf_normalize_tcp_statefull: src->scrub && dst->scrub!"));
 #else
diff --git a/sys/contrib/pf/net/pf_osfp.c b/sys/contrib/pf/net/pf_osfp.c
index 45d0c10d5f41..8687cb0e437a 100644
--- a/sys/contrib/pf/net/pf_osfp.c
+++ b/sys/contrib/pf/net/pf_osfp.c
@@ -41,7 +41,7 @@
 # define DPFPRINTF(format, x...)		\
 	if (pf_status.debug >= PF_DEBUG_NOISY)	\
 		printf(format , ##x)
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 typedef uma_zone_t pool_t;
 #else
 typedef struct pool pool_t;
@@ -59,7 +59,7 @@ typedef struct pool pool_t;
 # define pool_put(pool, item)	free(item)
 # define pool_init(pool, size, a, ao, f, m, p)	(*(pool)) = (size)
 
-# if defined(__FreeBSD__)
+# ifdef __FreeBSD__
 # define NTOHS(x) (x) = ntohs((u_int16_t)(x))
 # endif
 
@@ -236,7 +236,7 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os)
 }
 
 /* Initialize the OS fingerprint system */
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 int
 #else
 void
@@ -259,8 +259,8 @@ pf_osfp_initialize(void)
 	    "pfosfp", NULL);
 #endif
 	SLIST_INIT(&pf_osfp_list);
-#if defined(__FreeBSD__)
-#if defined(_KERNEL)
+#ifdef __FreeBSD__
+#ifdef _KERNEL
 	return (error);
 #else
 	return (0);
diff --git a/sys/contrib/pf/net/pf_table.c b/sys/contrib/pf/net/pf_table.c
index c96fd7030f61..fb109157d4f9 100644
--- a/sys/contrib/pf/net/pf_table.c
+++ b/sys/contrib/pf/net/pf_table.c
@@ -31,7 +31,7 @@
  *
  */
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #endif
@@ -41,23 +41,19 @@
 #include <sys/socket.h>
 #include <sys/mbuf.h>
 #include <sys/kernel.h>
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <sys/malloc.h>
 #endif
 
 #include <net/if.h>
 #include <net/route.h>
 #include <netinet/in.h>
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 #include <netinet/ip_ipsp.h>
 #endif
 
 #include <net/pfvar.h>
 
-#if defined(FreeBSD__)
-MALLOC_DECLARE(M_RTABLE);
-#endif
-
 #define ACCEPT_FLAGS(oklist)			\
 	do {					\
 		if ((flags & ~(oklist)) &	\
@@ -125,7 +121,7 @@ struct pfr_walktree {
 
 #define senderr(e)	do { rv = (e); goto _bad; } while (0)
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 uma_zone_t		 pfr_ktable_pl;
 uma_zone_t		 pfr_kentry_pl;
 #else
@@ -193,7 +189,7 @@ int			 pfr_ktable_cnt;
 void
 pfr_initialize(void)
 {
-#if !defined(__FreeBSD__)
+#ifndef __FreeBSD__
 	pool_init(&pfr_ktable_pl, sizeof(struct pfr_ktable), 0, 0, 0,
 	    "pfrktable", NULL);
 	pool_init(&pfr_kentry_pl, sizeof(struct pfr_kentry), 0, 0, 0,
@@ -249,7 +245,7 @@ pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 	struct pfr_kentry	*p, *q;
 	struct pfr_addr		 ad;
 	int			 i, rv, s, xadd = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 	/*
 	 * XXX Is it OK under LP64 environments?
@@ -272,7 +268,7 @@ pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 		return (ENOMEM);
 	SLIST_INIT(&workq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
 		if (ec)
 			senderr(EFAULT);
@@ -306,7 +302,7 @@ pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 				xadd++;
 			}
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (flags & PFR_FLAG_FEEDBACK) {
 			PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
 			if (ec)
@@ -349,7 +345,7 @@ pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 	struct pfr_kentry	*p;
 	struct pfr_addr		 ad;
 	int			 i, rv, s, xdel = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 #endif
 
@@ -364,7 +360,7 @@ pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 	pfr_mark_addrs(kt);
 	SLIST_INIT(&workq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
 		if (ec)
 			senderr(EFAULT);
@@ -391,7 +387,7 @@ pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 			SLIST_INSERT_HEAD(&workq, p, pfrke_workq);
 			xdel++;
 		}
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (flags & PFR_FLAG_FEEDBACK) {
 			PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
 			if (ec)
@@ -428,7 +424,7 @@ pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 	struct pfr_kentry	*p, *q;
 	struct pfr_addr		 ad;
 	int			 i, rv, s, xadd = 0, xdel = 0, xchange = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 	/*
 	 * XXX Is it OK under LP64 environments?
@@ -454,7 +450,7 @@ pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 	SLIST_INIT(&delq);
 	SLIST_INIT(&changeq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
 		if (ec)
 			senderr(EFAULT);
@@ -496,7 +492,7 @@ pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 			}
 		}
 _skip:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (flags & PFR_FLAG_FEEDBACK) {
 			PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
 			if (ec)
@@ -518,7 +514,7 @@ _skip:
 		SLIST_FOREACH(p, &delq, pfrke_workq) {
 			pfr_copyout_addr(&ad, p);
 			ad.pfra_fback = PFR_FB_DELETED;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_COPYOUT(&ad, addr+size+i, sizeof(ad), ec);
 			if (ec)
 				senderr(EFAULT);
@@ -567,7 +563,7 @@ pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 	struct pfr_kentry	*p;
 	struct pfr_addr		 ad;
 	int			 i, xmatch = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 #endif
 
@@ -579,7 +575,7 @@ pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 		return (ESRCH);
 
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
 		if (ec)
 			return (EFAULT);
@@ -598,7 +594,7 @@ pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 		    (p->pfrke_not ? PFR_FB_NOTMATCH : PFR_FB_MATCH);
 		if (p != NULL && !p->pfrke_not)
 			xmatch++;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
 		if (ec)
 			return (EFAULT);
@@ -635,13 +631,13 @@ pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size,
 	w.pfrw_op = PFRW_GET_ADDRS;
 	w.pfrw_addr = addr;
 	w.pfrw_free = kt->pfrkt_cnt;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	rv = kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
 #else
 	rv = rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
 #endif
 	if (!rv)
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		rv = kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, 
 		    &w);
 #else
@@ -667,7 +663,7 @@ pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size,
 	struct pfr_walktree	 w;
 	struct pfr_kentryworkq	 workq;
 	int			 rv, s;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	/*
 	 * XXX Is it OK under LP64 environments?
 	 */
@@ -693,13 +689,13 @@ pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size,
 	w.pfrw_free = kt->pfrkt_cnt;
 	if (flags & PFR_FLAG_ATOMIC)
 		s = splsoftnet();
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	rv = kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
 #else
 	rv = rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
 #endif
 	if (!rv)
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		rv = kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, 
 		    &w);
 #else
@@ -732,7 +728,7 @@ pfr_clr_astats(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 	struct pfr_kentry	*p;
 	struct pfr_addr		 ad;
 	int			 i, rv, s, xzero = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 #endif
 
@@ -744,7 +740,7 @@ pfr_clr_astats(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 		return (ESRCH);
 	SLIST_INIT(&workq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
 		if (ec)
 			senderr(EFAULT);
@@ -758,7 +754,7 @@ pfr_clr_astats(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 		if (flags & PFR_FLAG_FEEDBACK) {
 			ad.pfra_fback = (p != NULL) ?
 			    PFR_FB_CLEARED : PFR_FB_NONE;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
 			if (ec)
 				senderr(EFAULT);
@@ -830,7 +826,7 @@ pfr_enqueue_addrs(struct pfr_ktable *kt, struct pfr_kentryworkq *workq,
 	w.pfrw_op = sweep ? PFRW_SWEEP : PFRW_ENQUEUE;
 	w.pfrw_workq = workq;
 	if (kt->pfrkt_ip4 != NULL)
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, 
 		    &w))
 #else
@@ -838,7 +834,7 @@ pfr_enqueue_addrs(struct pfr_ktable *kt, struct pfr_kentryworkq *workq,
 #endif
 			printf("pfr_enqueue_addrs: IPv4 walktree failed.\n");
 	if (kt->pfrkt_ip6 != NULL)
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		if (kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, 
 		    &w))
 #else
@@ -856,13 +852,13 @@ pfr_mark_addrs(struct pfr_ktable *kt)
 
 	bzero(&w, sizeof(w));
 	w.pfrw_op = PFRW_MARK;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	if (kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w))
 #else
 	if (rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w))
 #endif
 		printf("pfr_mark_addrs: IPv4 walktree failed.\n");
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	if (kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, &w))
 #else
 	if (rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w))
@@ -1014,12 +1010,12 @@ pfr_reset_feedback(struct pfr_addr *addr, int size)
 {
 	struct pfr_addr	ad;
 	int		i;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int		ec;
 #endif
 
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
 		if (ec)
 			break;
@@ -1028,7 +1024,7 @@ pfr_reset_feedback(struct pfr_addr *addr, int size)
 			break;
 #endif
 		ad.pfra_fback = PFR_FB_NONE;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
 		if (ec)
 			break;
@@ -1150,7 +1146,7 @@ pfr_walktree(struct radix_node *rn, void *arg)
 	struct pfr_kentry	*ke = (struct pfr_kentry *)rn;
 	struct pfr_walktree	*w = arg;
 	int			 s;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 #endif
 
@@ -1171,7 +1167,7 @@ pfr_walktree(struct radix_node *rn, void *arg)
 			struct pfr_addr ad;
 
 			pfr_copyout_addr(&ad, ke);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_COPYOUT(&ad, w->pfrw_addr, sizeof(ad), ec);
 			if (ec)
 				return (EFAULT);
@@ -1196,7 +1192,7 @@ pfr_walktree(struct radix_node *rn, void *arg)
 			splx(s);
 			as.pfras_tzero = ke->pfrke_tzero;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 			PF_COPYOUT(&as, w->pfrw_astats, sizeof(as), ec);
 			if (ec)
 				return (EFAULT);
@@ -1258,7 +1254,7 @@ pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
 	struct pfr_ktableworkq	 addq, changeq;
 	struct pfr_ktable	*p, *q, *r, key;
 	int			 i, rv, s, xadd = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 	/*
 	 * XXX Is it OK under LP64 environments?
@@ -1272,7 +1268,7 @@ pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
 	SLIST_INIT(&addq);
 	SLIST_INIT(&changeq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
 		if (ec)
 			senderr(EFAULT);
@@ -1352,14 +1348,14 @@ pfr_del_tables(struct pfr_table *tbl, int size, int *ndel, int flags)
 	struct pfr_ktableworkq	 workq;
 	struct pfr_ktable	*p, *q, key;
 	int			 i, s, xdel = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 #endif
 
 	ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY);
 	SLIST_INIT(&workq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
 		if (ec)
 			return (EFAULT);
@@ -1400,7 +1396,7 @@ pfr_get_tables(struct pfr_table *filter, struct pfr_table *tbl, int *size,
 {
 	struct pfr_ktable	*p;
 	int			 n, nn;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 #endif
 
@@ -1417,7 +1413,7 @@ pfr_get_tables(struct pfr_table *filter, struct pfr_table *tbl, int *size,
 			continue;
 		if (n-- <= 0)
 			continue;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYOUT(&p->pfrkt_t, tbl++, sizeof(*tbl), ec);
 		if (ec)
 			return (EFAULT);
@@ -1441,7 +1437,7 @@ pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size,
 	struct pfr_ktable	*p;
 	struct pfr_ktableworkq	 workq;
 	int			 s, n, nn;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 	/*
 	 * XXX Is it OK under LP64 environments?
@@ -1470,7 +1466,7 @@ pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size,
 			continue;
 		if (!(flags & PFR_FLAG_ATOMIC))
 			s = splsoftnet();
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYOUT(&p->pfrkt_ts, tbl++, sizeof(*tbl), ec);
 		if (ec) {
 			splx(s);
@@ -1505,7 +1501,7 @@ pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags)
 	struct pfr_ktableworkq	 workq;
 	struct pfr_ktable	*p, key;
 	int			 i, s, xzero = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 	/*
 	 * XXX Is it OK under LP64 environments?
@@ -1518,7 +1514,7 @@ pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags)
 	ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_ADDRSTOO);
 	SLIST_INIT(&workq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
 		if (ec)
 			return (EFAULT);
@@ -1553,7 +1549,7 @@ pfr_set_tflags(struct pfr_table *tbl, int size, int setflag, int clrflag,
 	struct pfr_ktableworkq	 workq;
 	struct pfr_ktable	*p, *q, key;
 	int			 i, s, xchange = 0, xdel = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 #endif
 
@@ -1564,7 +1560,7 @@ pfr_set_tflags(struct pfr_table *tbl, int size, int setflag, int clrflag,
 		return (EINVAL);
 	SLIST_INIT(&workq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
 		if (ec)
 			return (EFAULT);
@@ -1652,7 +1648,7 @@ pfr_ina_define(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 	struct pfr_addr		 ad;
 	struct pf_ruleset	*rs;
 	int			 i, rv, xadd = 0, xaddr = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	int			ec;
 #endif
 
@@ -1701,7 +1697,7 @@ _skip:
 	}
 	SLIST_INIT(&addrq);
 	for (i = 0; i < size; i++) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
 		if (ec)
 			senderr(EFAULT);
@@ -1757,7 +1753,7 @@ pfr_ina_commit(struct pfr_table *trs, u_int32_t ticket, int *nadd,
 	struct pfr_ktableworkq	 workq;
 	struct pf_ruleset	*rs;
 	int			 s, xadd = 0, xchange = 0;
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 	/*
 	 * XXX Is it OK under LP64 environments?
 	 */
@@ -2192,7 +2188,7 @@ pfr_attach_table(struct pf_ruleset *rs, char *name)
 	}
 	kt = pfr_lookup_table(&tbl);
 	if (kt == NULL) {
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		/*
 		 * XXX Is it OK under LP64 environments?
 		 */
@@ -2323,14 +2319,14 @@ pfr_kentry_byidx(struct pfr_ktable *kt, int idx, int af)
 
 	switch(af) {
 	case AF_INET:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
 #else
 		rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
 #endif
 		return w.pfrw_kentry;
 	case AF_INET6:
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 		kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, &w);
 #else
 		rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w);
diff --git a/sys/contrib/pf/net/pfvar.h b/sys/contrib/pf/net/pfvar.h
index ffd481286387..5f7155658919 100644
--- a/sys/contrib/pf/net/pfvar.h
+++ b/sys/contrib/pf/net/pfvar.h
@@ -39,13 +39,13 @@
 #include <sys/tree.h>
 
 #include <net/radix.h>
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <vm/uma.h>
 #else
 #include <netinet/ip_ipsp.h>
 #endif
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #include <netinet/in.h>
 /*
  * XXX
@@ -134,13 +134,15 @@ struct pf_addr_wrap {
 	u_int8_t		 type;		/* PF_ADDR_* */
 };
 
+#ifdef _KERNEL
+
 struct pf_addr_dyn {
 	char			 ifname[IFNAMSIZ];
 	struct ifnet		*ifp;
 	struct pf_addr		*addr;
 	sa_family_t		 af;
-#if defined(__FreeBSD__) && defined(HOOK_HACK)
-	eventhandler_tag	hook_cookie;
+#ifdef __FreeBSD__
+	eventhandler_tag	 hook_cookie;
 #else
 	void			*hook_cookie;
 #endif
@@ -151,9 +153,7 @@ struct pf_addr_dyn {
  * Address manipulation macros
  */
 
-#ifdef _KERNEL
-
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 #define splsoftnet()	splnet()
 
 #define	HTONL(x)	(x) = htonl((__uint32_t)(x))
@@ -175,7 +175,7 @@ struct pf_addr_dyn {
 		if(var) uma_zdestroy(var)
 
 extern struct mtx pf_task_mtx;
-#if defined(ALTQ)
+#ifdef ALTQ
 extern struct mtx pf_altq_mtx;
 extern int pfaltq_ref;
 #endif
@@ -1190,7 +1190,7 @@ struct pfioc_table {
 #define DIOCOSFPFLUSH	_IO('D', 78)
 #define DIOCOSFPADD	_IOWR('D', 79, struct pf_osfp_ioctl)
 #define DIOCOSFPGET	_IOWR('D', 80, struct pf_osfp_ioctl)
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 struct pf_ifspeed {
 	char			ifname[IFNAMSIZ];
 	u_int32_t		baudrate;
@@ -1231,7 +1231,7 @@ extern void			 pf_calc_skip_steps(struct pf_rulequeue *);
 extern void			 pf_rule_set_qid(struct pf_rulequeue *);
 extern u_int32_t		 pf_qname_to_qid(char *);
 extern void			 pf_update_anchor_rules(void);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 extern uma_zone_t		 pf_tree_pl, pf_rule_pl, pf_addr_pl;
 extern uma_zone_t		 pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
 extern uma_zone_t		 pfr_ktable_pl, pfr_kentry_pl;
@@ -1339,7 +1339,7 @@ int		pf_tag_packet(struct mbuf *, struct pf_tag *, int);
 
 extern struct pf_status	pf_status;
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 extern uma_zone_t	pf_frent_pl, pf_frag_pl;
 #else
 extern struct pool	pf_frent_pl, pf_frag_pl;
@@ -1351,7 +1351,7 @@ struct pf_pool_limit {
 };
 extern struct pf_pool_limit	pf_pool_limits[PF_LIMIT_MAX];
 
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 struct pf_frent {
 	LIST_ENTRY(pf_frent) fr_next;
 	struct ip *fr_ip;
@@ -1396,7 +1396,7 @@ struct pf_osfp_enlist *
 	pf_osfp_fingerprint_hdr(const struct ip *, const struct tcphdr *);
 void	pf_osfp_flush(void);
 int	pf_osfp_get(struct pf_osfp_ioctl *);
-#if defined(__FreeBSD__)
+#ifdef __FreeBSD__
 int	pf_osfp_initialize(void);
 void	pf_osfp_cleanup(void);
 #else