netfilter: ipset: Check IPSET_ATTR_PORT only once

We do not need to check tb[IPSET_ATTR_PORT] != NULL before
retrieving port, as this attribute is known to exist due to
ip_set_attr_netorder() returning true only when attribute
exists and it is in network byte order.

Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c
index 5b36a4ed3573446f746fd714924e0e5c41a2bbe4..299fab630d1ffea03a96bea2994d3d5fc0abd8e2 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -139,10 +139,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
        if (ret)
                return ret;
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
@@ -309,10 +306,7 @@ hash_ipport6_uadt(struct ip_set *set, struct nlattr *tb[],
        if (ret)
                return ret;
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);

diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c
index 6a580e5955ea9b5932c655aa83b67295937592c7..cb7946662fbd8f29836065bf4180e0d60f25d55c 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -145,10 +145,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
        if (ret)
                return ret;
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
@@ -321,10 +318,7 @@ hash_ipportip6_uadt(struct ip_set *set, struct nlattr *tb[],
        if (ret)
                return ret;
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);

diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c
index 2b90a1db73f5a5798361b7b249df50336fb0b974..2c39cae0df294789c4d62943b994d6e16bb2996e 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -207,10 +207,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
                e.cidr = cidr - 1;
        }
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
@@ -469,10 +466,7 @@ hash_ipportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
 
        ip6_netmask(&e.ip2, e.cidr + 1);
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);

diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index 624eb5b674c61e1c171a8015561e1335a01bef23..91c901ca25d1455c5bb33dbef7994271ef8a2ccd 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -196,10 +196,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
                e.cidr = cidr - 1;
        }
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
@@ -420,10 +417,7 @@ hash_netport6_uadt(struct ip_set *set, struct nlattr *tb[],
        }
        ip6_netmask(&e.ip, e.cidr + 1);
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);

diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c b/net/netfilter/ipset/ip_set_hash_netportnet.c
index 7eed11bce40a95179fabc833a3c91d5f82fe6206..1233442053c9edbcfe0f1e191831bb70acea42e5 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -225,10 +225,7 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
                e.cidr[1] = cidr;
        }
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);
@@ -505,10 +502,7 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
        ip6_netmask(&e.ip[0], e.cidr[0]);
        ip6_netmask(&e.ip[1], e.cidr[1]);
 
-       if (tb[IPSET_ATTR_PORT])
-               e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
-       else
-               return -IPSET_ERR_PROTOCOL;
+       e.port = nla_get_be16(tb[IPSET_ATTR_PORT]);
 
        if (tb[IPSET_ATTR_PROTO]) {
                e.proto = nla_get_u8(tb[IPSET_ATTR_PROTO]);