xt_iface: reorder code for upcoming address checking

From now on, info->flags lists the flags to test, not just the flags
to test positively for.

extensions/xt_iface.c

@@ -40,29 +40,38 @@ static const struct xt_iface_flag_pairs xt_iface_lookup[] =
 	{.iface_flag = XT_IFACE_DORMANT,	.iff_flag = IFF_DORMANT},
 };
 
+static struct net_device *iface_get(const char *name)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
+	return dev_get_by_name(&init_net, name);
+#else
+	return dev_get_by_name(name);
+#endif
+}
+
+static bool iface_flagtest(unsigned int devflags, unsigned int flags,
+    unsigned int invflags)
+{
+	unsigned int i;
+
+	for (i = 0; i < ARRAY_SIZE(xt_iface_lookup); ++i)
+		if ((flags & xt_iface_lookup[i].iface_flag) &&
+		    !!(devflags & xt_iface_lookup[i].iff_flag) ^
+		    !(invflags & xt_iface_lookup[i].iface_flag))
+			return false;
+	return true;
+}
+
 static bool xt_iface_mt(const struct sk_buff *skb,
     struct xt_action_param *par)
 {
 	const struct xt_iface_mtinfo *info = par->matchinfo;
-	struct net_device *dev;
+	struct net_device *dev = iface_get(info->ifname);
 	bool retval;
-	int i;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
-	dev = dev_get_by_name(&init_net, info->ifname);
-#else
-	dev = dev_get_by_name(info->ifname);
-#endif
 	if (dev == NULL)
 		return false;
-
-	retval = true;
-	for (i = 0; i < ARRAY_SIZE(xt_iface_lookup) && retval; ++i) {
-		if (info->flags & xt_iface_lookup[i].iface_flag)
-			retval &= dev->flags & xt_iface_lookup[i].iff_flag;
-		if (info->invflags & xt_iface_lookup[i].iface_flag)
-			retval &= !(dev->flags & xt_iface_lookup[i].iff_flag);
-	}
+	retval = iface_flagtest(dev->flags, info->flags, info->invflags);
 	dev_put(dev);
 	return retval;
 }