Major cleanup of the base IPFilter:

Major cleanup of the base IPFilter:

o Vendor's ChangeLog available in src/contrib/ipfilter/HISTORY.

o Update kernel and userland to version 3.4.35, major changes:

    * only allow non-fragmented packets to influence whether or
      not a logged packet is the same as the one logged before.

    * block packets that fail to create stable entries.

    * correct the ICMP packet checksum fixing up when processing
      ICMP errors for NAT.

    * implement a maximum for the number of entries in the NAT
      table (NAT_TABLE_MAX and ipf_nattable_max).

    * frsynclist() wasn't paying attention to all places where
      interface names are, like it should.

    * fix comparison of ICMP packets with established TCP state
      where only 8 bytes of header are returned in the ICMP
      error.

o Following files were removed from under src/contrib/ipfilter,
  because they were redundant:

      fil.c ip_auth.c ip_auth.h ip_compat.h ip_fil.c ip_fil.h
      ip_frag.c ip_frag.h ip_ftp_pxy.c ip_log.c ip_nat.c
      ip_nat.h ip_proxy.c ip_proxy.h ip_raudio_pxy.c ip_rcmd_pxy.c
      ip_state.c ip_state.h ipl.h mlfk_ipl.c

o Cast interface numbers to u_int instead of u_char, so that
  big numbered units don't get truncated. More information on
  this problem can be found at FreeBSD GNATS, PR kern/64584.

o Compile INET6 support into ipfilter unless NOINET6 is defined
  as Make variable.

o Update $FreeBSD$ CVS ID tags.

o Adjust minor style(9) changes, like prototypes, etc.

Tested by David Rhodus, Chris Beuchler and Chris Pressey.

Reviewed-by: 	Darren Reed <darrenr@freebsd.org> (earlier version)
            	Matthew Dillon <dillon@apollo.backplane.com>