stealth makes slow

solution: check the protocol checksum for each and every packet handled by pf
aaaaaaaye... but it was like that for years
my fix for the performance hit: only check the proto checksum right before we are about to send back that RST or icmp error and not at all for regular forwarded packets
gives another 7% or so
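The deferred check described above, as an added example that is not pf's own code: forwarded and silently dropped packets get no checksum work, and only a packet about to be answered with an RST is verified first. The enum names, function names and sample segment are hypothetical, and the code covers TCP over IPv4 only.

```c
#include <stddef.h>
#include <stdint.h>

enum action  { ACT_PASS, ACT_BLOCK_DROP, ACT_BLOCK_RETURN };  /* hypothetical rule actions */
enum verdict { V_FORWARD, V_DROP, V_SEND_RST };

/* RFC 1071 one's-complement sum over big-endian 16-bit words. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    return len ? sum + ((uint32_t)p[0] << 8) : sum;
}

/* Checksum of a TCP segment including the IPv4 pseudo-header; 0 means valid. */
static uint16_t tcp_csum(const uint8_t src[4], const uint8_t dst[4],
                         const uint8_t *seg, size_t len)
{
    uint32_t sum = csum_add(csum_add(6 + (uint32_t)len, src, 4), dst, 4);
    sum = csum_add(sum, seg, len);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Forwarded and silently dropped packets cost no checksum work; only a
 * packet we are about to answer with an RST is verified first. */
enum verdict decide(enum action rule, const uint8_t src[4], const uint8_t dst[4],
                    const uint8_t *seg, size_t len)
{
    if (rule == ACT_PASS)
        return V_FORWARD;
    if (rule == ACT_BLOCK_DROP)
        return V_DROP;
    return tcp_csum(src, dst, seg, len) == 0 ? V_SEND_RST : V_DROP;
}

/* Constructed sample: a 20-byte SYN between documentation addresses. */
enum verdict sample_verdict(enum action rule, int corrupt)
{
    const uint8_t src[4] = {192, 0, 2, 1}, dst[4] = {198, 51, 100, 7};
    uint8_t seg[20] = {0xc0, 0x01, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0,
                       0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0};
    uint16_t c = tcp_csum(src, dst, seg, sizeof seg);  /* field is zero here */
    seg[16] = (uint8_t)(c >> 8);
    seg[17] = (uint8_t)(c & 0xff);
    if (corrupt) seg[13] ^= 0x10;  /* flip one flag bit after checksumming */
    return decide(rule, src, dst, seg, sizeof seg);
}
```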