[nf-next PATCH] netfilter: nft_extdhr: Drop pointless check of tprot_set

[nf-next PATCH] netfilter: nft_extdhr: Drop pointless check of tprot_set

[Phil Sutter]

Pablo says, tprot_set is only there to detect if tprot was set to
IPPROTO_IP as that evaluates to zero. Therefore, code asserting a
different value in tprot does not need to check tprot_set.

Fixes: 935b7f6430188 ("netfilter: nft_exthdr: add TCP option matching")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 net/netfilter/nft_exthdr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c
index 9cf86be2cff4b..4f583d2e220e4 100644
--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -164,7 +164,7 @@ nft_tcp_header_pointer(const struct nft_pktinfo *pkt,
 {
 	struct tcphdr *tcph;
 
-	if (!pkt->tprot_set || pkt->tprot != IPPROTO_TCP)
+	if (pkt->tprot != IPPROTO_TCP)
 		return NULL;
 
 	tcph = skb_header_pointer(pkt->skb, nft_thoff(pkt), sizeof(*tcph), buffer);
-- 
2.31.1

Re: [nf-next PATCH] netfilter: nft_extdhr: Drop pointless check of tprot_set

[Pablo Neira Ayuso]

On Fri, Jun 11, 2021 at 07:08:26PM +0200, Phil Sutter wrote:
> Pablo says, tprot_set is only there to detect if tprot was set to
> IPPROTO_IP as that evaluates to zero. Therefore, code asserting a
> different value in tprot does not need to check tprot_set.

Applied, thanks.