Code review comment for lp:~christof-mroz/hipl/hipfw-esp-speedup

Hi Christof!

> === modified file 'firewall/conntrack.c'
> +static void update_esp_address(struct esp_tuple *esp_tuple,

[M] would 'struct esp_tuple *const esp_tuple' work for better const correctness?

> /**
> + * Parse one line of iptables -nvL formatted output, and extract
> + * packet count, SPI and destination IP if it is valid and packet count is
> + * not zero.

[L] What is the acceptable/supported format? 'iptables -nvL' output might differ based on version or translation. Examples would be sufficient.

[M] The functions hip_fw_manage_esp_tuple() and system_printf() are not covered by unit tests.