filter: remove useless branch in the check functions

If the logic is set to -1, this means that we do not perform any
filtering for this sort of network address. Therefore, we don't
need to re-check if there is any filter later. This patch also
inlines the check functions.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 2 insertions, 8 deletions

diff --git a/src/filter.c b/src/filter.c
index 83c2eb3..f6da8bb 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -161,23 +161,17 @@ void ct_filter_add_state(struct ct_filter *f, int protonum, int val)
 	set_bit_u16(val, &f->statemap[protonum]);
 }
 
-static int
+static inline int
 __ct_filter_test_ipv4(struct ct_filter *f, struct nf_conntrack *ct)
 {
-	if (!f->h)
-		return 0;
-
 	/* we only use the real source and destination address */
 	return (hashtable_test(f->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_SRC)) ||
 		hashtable_test(f->h, nfct_get_attr(ct, ATTR_REPL_IPV4_SRC)));
 }
 
-static int
+static inline int
 __ct_filter_test_ipv6(struct ct_filter *f, struct nf_conntrack *ct)
 {
-	if (!f->h6)
-		return 0;
-
 	return (hashtable_test(f->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC)) ||
 	        hashtable_test(f->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)));
 }