Simplify some logic.

node/Network.cpp

@@ -643,8 +643,8 @@ bool Network::filterOutgoingPacket(
 	uint32_t remoteTagValues[ZT_MAX_NETWORK_TAGS];
 	Address ztDest2(ztDest);
 	Address cc;
+	const Capability *relevantCap = (const Capability *)0;
 	unsigned int ccLength = 0;
-	bool mainRuleTableMatch = false;
 	bool accept = false;
 
 	Mutex::Lock _l(_lock);
@@ -653,20 +653,8 @@ bool Network::filterOutgoingPacket(
 	const unsigned int remoteTagCount = m.getAllTags(_config,remoteTagIds,remoteTagValues,ZT_MAX_NETWORK_TAGS);
 
 	switch(_doZtFilter(RR,_config,false,ztSource,ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) {
-		case DOZTFILTER_NO_MATCH:
-			break;
-		case DOZTFILTER_DROP:
-			return false;
-		case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter()
-		case DOZTFILTER_ACCEPT:
-		case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side
-			mainRuleTableMatch = true;
-			accept = true;
-			break;
-	}
 
-	const Capability *relevantCap = (const Capability *)0;
+		case DOZTFILTER_NO_MATCH:
-	if (!mainRuleTableMatch) {
 			for(unsigned int c=0;c<_config.capabilityCount;++c) {
 				ztDest2 = ztDest; // sanity check
 				Address cc2;
@@ -696,6 +684,16 @@ bool Network::filterOutgoingPacket(
 				if (accept)
 					break;
 			}
+			break;
+
+		case DOZTFILTER_DROP:
+			return false;
+
+		case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter()
+		case DOZTFILTER_ACCEPT:
+		case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side
+			accept = true;
+			break;
 	}
 
 	if (accept) {
@@ -746,7 +744,6 @@ int Network::filterIncomingPacket(
 	Address ztDest2(ztDest);
 	Address cc;
 	unsigned int ccLength = 0;
-	bool mainRuleTableMatch = false;
 	int accept = 0;
 
 	Mutex::Lock _l(_lock);
@@ -755,22 +752,8 @@ int Network::filterIncomingPacket(
 	const unsigned int remoteTagCount = m.getAllTags(_config,remoteTagIds,remoteTagValues,ZT_MAX_NETWORK_TAGS);
 
 	switch (_doZtFilter(RR,_config,true,sourcePeer->address(),ztDest2,macSource,macDest,frameData,frameLen,etherType,vlanId,_config.rules,_config.ruleCount,_config.tags,_config.tagCount,remoteTagIds,remoteTagValues,remoteTagCount,cc,ccLength)) {
-		case DOZTFILTER_NO_MATCH:
-			break;
-		case DOZTFILTER_DROP:
-			return 0; // DROP
-		case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter()
-		case DOZTFILTER_ACCEPT:
-			mainRuleTableMatch = true;
-			accept = 1; // ACCEPT
-			break;
-		case DOZTFILTER_SUPER_ACCEPT:
-			mainRuleTableMatch = true;
-			accept = 2; // super-ACCEPT
-			break;
-	}
 
-	if (!mainRuleTableMatch) {
+		case DOZTFILTER_NO_MATCH: {
 			Membership::CapabilityIterator mci(m);
 			const Capability *c;
 			while ((c = mci.next(_config))) {
@@ -804,6 +787,18 @@ int Network::filterIncomingPacket(
 					break;
 				}
 			}
+		}	break;
+
+		case DOZTFILTER_DROP:
+			return 0; // DROP
+
+		case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter()
+		case DOZTFILTER_ACCEPT:
+			accept = 1; // ACCEPT
+			break;
+		case DOZTFILTER_SUPER_ACCEPT:
+			accept = 2; // super-ACCEPT
+			break;
 	}
 
 	if (accept) {