From 2ea70aa69ec0535101d0f417517fc3d4454ca840 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 15 Nov 2008 21:22:24 +0100
Subject: filter: remove useless branch in the check functions

If the logic is set to -1, this means that we do not perform any
filtering for this sort of network address. Therefore, we don't
need to re-check if there is any filter later. This patch also
inlines the check functions.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/filter.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

(limited to 'src')

diff --git a/src/filter.c b/src/filter.c
index 83c2eb3..f6da8bb 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -161,23 +161,17 @@ void ct_filter_add_state(struct ct_filter *f, int protonum, int val)
 	set_bit_u16(val, &f->statemap[protonum]);
 }
 
-static int
+static inline int
 __ct_filter_test_ipv4(struct ct_filter *f, struct nf_conntrack *ct)
 {
-	if (!f->h)
-		return 0;
-
 	/* we only use the real source and destination address */
 	return (hashtable_test(f->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_SRC)) ||
 		hashtable_test(f->h, nfct_get_attr(ct, ATTR_REPL_IPV4_SRC)));
 }
 
-static int
+static inline int
 __ct_filter_test_ipv6(struct ct_filter *f, struct nf_conntrack *ct)
 {
-	if (!f->h6)
-		return 0;
-
 	return (hashtable_test(f->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC)) ||
 	        hashtable_test(f->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)));
 }
-- 
cgit v1.2.3