firewall4/tests/06_includes, branch master

ruleset: reduce ksoftirqd load by refering to looopback by numeric id

2023-11-03T13:11:06Z

Reduce ksoftirq load by half using more efficient reference to loopback which always has index equal to one. Should help a lot with openwrt/openwrt#12914, openwrt/openwrt#12121 and similar iperf3 cases clamping against 100% CPU usage. Signed-off-by: Andris PE [fix S-o-b tag, fix commit author, rewrap commit message] Signed-off-by: Jo-Philipp Wich

ruleset: dispatch ct states using verdict map

2023-11-03T13:09:43Z

In case the dropping of invalid conntrack states is enabled, using a verdict map allows us to use only one rule instead of two, lowering the initial rule match overhead. Signed-off-by: Andris PE [whitespace cleanup, rebase, extend commit subject and message] Signed-off-by: Jo-Philipp Wich

Revert "ruleset: dispatch ct states using verdict map"

2023-11-03T13:09:16Z

This reverts commit 785798c8fd72ff3c4c8940922173290bb25bc18e. Revert commit due to bad commit metadata. Signed-off-by: Jo-Philipp Wich

ruleset: dispatch ct states using verdict map

2023-11-03T13:04:39Z

tests: add testcase for automatic includes

2023-02-03T11:04:58Z

Signed-off-by: Jo-Philipp Wich

fw4: fix handling the ipset "comment" option

2023-02-03T11:04:15Z

The comment option for ipset definitions is incorrectly declared as bool and not actually used anywhere in the nftables output rendering. Solve this issue by changing it to the proper "string" type and expose the user configured comment as "comment" property in the generated nftables output. Also add some initial test coverage for ipset declarations to better spot such inconsistencies in the future. Ref: https://github.com/openwrt/luci/pull/6187#issuecomment-1374506633 Reported-by: Paul Dee Signed-off-by: Jo-Philipp Wich