pf synflood detection


full accounting of half-open tcp connections
table walks not an option of course...

percentage of the state table used up by half-open connections

go to synflood mode when hiwat exceeded
synflood mode is just a global bit

leave synflood mode when under lowat again

hiwat and lowat values to be determined
probably tuneables at least initially