Upgrading IPFilter on OpenBSD Mini-How-To

This article assumes a few things. First, that you've built an OpenBSD kernel before and are relatively comfortable with the process. Second, that you know how to download OpenBSD's CVS trees to your machine. Third, that you are familiar with the process of setting up IPFilter, including changes to rc.conf, etc. If you require guidance with any of these, I suggest you visit OpenBSD's web site for help.

Start with a fresh OpenBSD source tree, and a kernel configuration file that you know works.
Download the IPFilter tarball off the web site and unzip to a suitable temporary directory of your choice.
Unzip the tarball.
Change to the directory created when you unzipped the tarball.
Run make openbsd
Run make install-bsd
Change to the OpenBSD/ subdirectory.
Run ./kinstall
Under the assumption you already have a working config file, give kinstall the name of the config file.
Change to the /usr/src/sys/net directory.
Edit if.c

Change the following block to code (around line 377 for OpenBSD 2.8):

#ifdef IPFILTER
        /* XXX More ipf & ipnat cleanup needed.  */
        nat_ifdetach(ifp);
#endif

to:

#ifdef IPFILTER
        /* XXX More ipf & ipnat cleanup needed.  */
        frsync();
#endif

Change to the /usr/src/sys/arch//conf directory.
Run config on the kernel config file you gave to kinstall.
Change to the /usr/src/sys/arch//compile/ directory
Run make clean (if needed)
Run make depend
Run make
Back up your old kernel.
Install the newly created kernel.
Reboot.
After the machine comes back up, login.
Run ipf -V and make sure the kernel version string is correct for the version you're installing.

This method's been tested on both OpenBSD 2.7 and 2.8, with IPFilter version 3.4.11 and higher (yes, I'm a relative newbie to ipf).
It's only been tested on i386 architecture machines.
The source change from nat_ifdetach() to frsync() is based on several discussions on the IPFilter mailing list, and based on Darren's comment in this post.