path: root/src
diff options
authorPablo Neira Ayuso <>2008-11-15 21:22:24 +0100
committerPablo Neira Ayuso <>2008-11-15 21:22:24 +0100
commit2ea70aa69ec0535101d0f417517fc3d4454ca840 (patch)
tree03e2711989d256dfd4eb9dd128c706e32c3290d0 /src
parente6d816f8d096d98deeb0a52f96d44a4ace03ffe7 (diff)
filter: remove useless branch in the check functions
If the logic is set to -1, this means that we do not perform any filtering for this sort of network address. Therefore, we don't need to re-check if there is any filter later. This patch also inlines the check functions. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'src')
1 files changed, 2 insertions, 8 deletions
diff --git a/src/filter.c b/src/filter.c
index 83c2eb3..f6da8bb 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -161,23 +161,17 @@ void ct_filter_add_state(struct ct_filter *f, int protonum, int val)
set_bit_u16(val, &f->statemap[protonum]);
-static int
+static inline int
__ct_filter_test_ipv4(struct ct_filter *f, struct nf_conntrack *ct)
- if (!f->h)
- return 0;
/* we only use the real source and destination address */
return (hashtable_test(f->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_SRC)) ||
hashtable_test(f->h, nfct_get_attr(ct, ATTR_REPL_IPV4_SRC)));
-static int
+static inline int
__ct_filter_test_ipv6(struct ct_filter *f, struct nf_conntrack *ct)
- if (!f->h6)
- return 0;
return (hashtable_test(f->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC)) ||
hashtable_test(f->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)));