Subject: Re: IPF 4.1.20
To: None <current-users@NetBSD.org>
From: Martti Kuparinen <martti.kuparinen@iki.fi>
List: current-users
Date: 05/01/2007 22:16:38

Changes since 4.1.19
====================
* adjust TCP state numbers, making 11 closed (was 0) to better facilitate
   detecting closing connections that we can wipe out when a SYN arrives
   that matches the old

* use NL_EXPIRE, not ISL_EXPIRE, for expiring NAT sessions

* adjust TCP timeout values and introduce a time-wait specific timeout
   to get a better TCP FSM emulation and one that can hopefully do a better
   job of cleaning up in a speedy fashion than previous

* refactor the automatic flushing of TCP state entries when we fill up,
   but use the same algorithm as before but now it hopefully works

* only 2 out of 4 interface names were being changed by ipfs when
   interface renaming was being used for state entries

* add ipf_proxy_debug to ipf -T

* matching of last fragments that had a number of bytes that wasn't a
   multiple of 8 failed

* some combinations of TCP flags that are considered bad aren't picked up as such,
   but these may be possible with T/TCP