There have been many improvements in the upstream NPF. Some highlights:
NPF was converted to use libnv, instead of libprop (proplib). libnv is FreeBSD's name/value pairs library. This conversion significantly simplifies the code and moves NPF to a binary serialisation format (replacing the XML-like format). It also fixes some memory and reference leaks. Warning: this makes NPF configuration and the libnpf ABI incompatible with the previous versions.
NPF connection table was converted to thmap (a concurrent trie-hash map, combining the elements of hashing and radix trie). It makes the state lookup lock-free and much more scalable (see a benchmark here). It is also much faster for single-threaded use than red-black tree or arguably some hash tables (see a benchmark here).
Connection state garbage collection is now incremental. The G/C step can also be tuned.
NPF tables of type "ipset" now also use thmap, so the table lookup is now also lock-free.
Add support for dynamic NAT address. Translation addresses can now be selected from a pool of addresses (an NPF table). There are two selection algorithms, "ip-hash" and "round-robin" (see the docs for more details).
Added the NETMAP algorithm for static NAT, which can be used for network-to-network translation (it is equivalent to the Linux iptables NETMAP logic).
Multiple bug fixes and robustness improvements were backported from NetBSD.
More unit tests. Also, Travis support was added to the upstream NPF repository and the unit tests are now triggered automatically for each pull request and commit. In addition to the RPM package, there is also a way to build a Debian package.
I would also recommend updating the libqsbr and liblpm dependencies, as I have made some bug fixes over time.
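The network-to-network mapping that the NETMAP item above refers to, as an added example that is not part of the original post and not NPF's own code: the network prefix is replaced and the host bits are kept. The function names are hypothetical, the sketch is IPv4-only, and the addresses in `main` are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Build an IPv4 netmask from a prefix length. /0 is special-cased because
 * shifting a 32-bit value by 32 bits is undefined behaviour in C. */
static uint32_t prefix_to_mask(unsigned plen)
{
    return plen == 0 ? 0 : 0xffffffffu << (32 - plen);
}

/* Parse strict dotted-quad text into a host-order address; 0 on success. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;

    /* A fifth conversion means trailing garbage after the last octet. */
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    *out = (uint32_t)a << 24 | b << 16 | c << 8 | d;
    return 0;
}

/* NETMAP-style 1:1 translation of addr from from_net/plen to to_net/plen.
 * Returns -1 on bad input or when addr is outside from_net/plen, so the
 * caller can leave such traffic untranslated. */
int netmap_translate(const char *addr, const char *from_net,
    const char *to_net, unsigned plen, uint32_t *out)
{
    uint32_t ip, from, to, mask;

    if (plen > 32 || parse_ipv4(addr, &ip) != 0 ||
        parse_ipv4(from_net, &from) != 0 || parse_ipv4(to_net, &to) != 0)
        return -1;
    mask = prefix_to_mask(plen);
    if ((ip & mask) != (from & mask))
        return -1;
    *out = (to & mask) | (ip & ~mask);   /* new prefix, original host bits */
    return 0;
}

int main(void)
{
    uint32_t r;

    /* Constructed sample: map 10.1.0.0/16 onto 192.168.0.0/16. */
    if (netmap_translate("10.1.2.77", "10.1.0.0", "192.168.0.0", 16, &r) == 0)
        printf("%u.%u.%u.%u\n", r >> 24, (r >> 16) & 255, (r >> 8) & 255, r & 255);
    return 0;
}
```

Because the mapping is a fixed bijection between the two networks, the same function with the networks swapped gives the reverse translation.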