diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-09 13:26:31 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-09 13:26:31 +0100 |
| commit | f135f1c317a3c9430dc33a6ea7ff90a1ba808e36 (patch) | |
| tree | 3628bd462c5fdea2e686b1fe9d32563a74f30c01 | |
| parent | 76ac8ebe5e49385585c8e29fe530ed4baef390bf (diff) | |
| download | conntrack-tools-f135f1c317a3c9430dc33a6ea7ff90a1ba808e36.tar.gz conntrack-tools-f135f1c317a3c9430dc33a6ea7ff90a1ba808e36.zip | |
filter: use XOR instead of branches
use XOR instead of branches in ct_filter_check.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/filter.c | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/src/filter.c b/src/filter.c index 33fe30e..c4854bb 100644 --- a/src/filter.c +++ b/src/filter.c @@ -211,9 +211,7 @@ int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct) if (f->logic[CT_FILTER_L4PROTO] != -1) { ret = test_bit_u32(protonum, f->l4protomap); - if (ret == 0 && f->logic[CT_FILTER_L4PROTO]) - return 0; - else if (ret == 1 && !f->logic[CT_FILTER_L4PROTO]) + if (ret ^ f->logic[CT_FILTER_L4PROTO]) return 0; } @@ -221,16 +219,12 @@ int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct) switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) { case AF_INET: ret = __ct_filter_test_ipv4(f, ct); - if (ret == 0 && f->logic[CT_FILTER_ADDRESS]) - return 0; - else if (ret == 1 && !f->logic[CT_FILTER_ADDRESS]) + if (ret ^ f->logic[CT_FILTER_ADDRESS]) return 0; break; case AF_INET6: - ret = __ct_filter_test_ipv6(f, ct); - if (ret == 0 && f->logic[CT_FILTER_ADDRESS]) - return 0; - else if (ret == 1 && !f->logic[CT_FILTER_ADDRESS]) + ret = __ct_filter_test_ipv6(f, ct); + if (ret ^ f->logic[CT_FILTER_ADDRESS]) return 0; break; default: @@ -240,9 +234,7 @@ int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct) if (f->logic[CT_FILTER_STATE] != -1) { ret = __ct_filter_test_state(f, ct); - if (ret == 0 && f->logic[CT_FILTER_STATE]) - return 0; - else if (ret == 1 && !f->logic[CT_FILTER_STATE]) + if (ret ^ f->logic[CT_FILTER_STATE]) return 0; } |