projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
netfilter: nf_tables: don't update chain with unset counters
[firefly-linux-kernel-4.4.55.git] / net / netfilter / xt_nfacct.c
diff --git a/net/netfilter/xt_nfacct.c b/net/netfilter/xt_nfacct.c
index b3be0ef21f198ca8c7b025e1a775af9bd662d20e..8c646ed9c921bca1fbf507c1aa97c1dca60d8df1 100644 (file)
--- a/net/netfilter/xt_nfacct.c
+++ b/net/netfilter/xt_nfacct.c
@@ -21,11 +21,14 @@ MODULE_ALIAS("ip6t_nfacct");
 
 static bool nfacct_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
+       int overquota;
        const struct xt_nfacct_match_info *info = par->targinfo;
 
        nfnl_acct_update(skb, info->nfacct);
 
-       return true;
+       overquota = nfnl_acct_overquota(skb, info->nfacct);
+
+       return overquota == NFACCT_UNDERQUOTA ? false : true;
 }
 
 static int
Unnamed repository; edit this file 'description' to name the repository.