The firewall was using some generic bits of C++ code that generated a lot of custom template instantiations. Replace this with a small sorted vector implementation that is split into two parts:
A generic implementation that works with any trivial type (can be compared with memcmp, can be moved with memcpy).
A type-safe wrapper that manages an array of T, which compiles down to tiny inlined wrappers that call the generic versions.
These add up to about 1 KiB of code saving with just IPv4 enabled and 2 KiB with v4 and v6 enabled.
There are some tests in the code that are not run by default, but which do pass when run.
The firewall was using some generic bits of C++ code that generated a lot of custom template instantiations. Replace this with a small sorted vector implementation that is split into two parts:
T, which compiles down to tiny inlined wrappers that call the generic versions.These add up to about 1 KiB of code saving with just IPv4 enabled and 2 KiB with v4 and v6 enabled.
There are some tests in the code that are not run by default, but which do pass when run.