netfilter: xt_AUDIT: only generate audit log when audit enabled

We should stop generting audit log if audit is disabled. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Acked-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Gao feng <gaofeng@cn.fujitsu.com> 2013-03-04 00:29:12 +0000
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-03-04 14:45:25 +0100
commit: ed018fa4dfc3d26da56b9ee7dc75e9d39a39a02b (patch)
tree: ecb910ff5080b35dc1fdae81337bbdb1d2b54841
parent: f9caed59f801f77a2844ab04d2dea8df33ac862b (diff)
download: op-kernel-dev-ed018fa4dfc3d26da56b9ee7dc75e9d39a39a02b.zip
op-kernel-dev-ed018fa4dfc3d26da56b9ee7dc75e9d39a39a02b.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index ba92824..3228d7f 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -124,6 +124,9 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	const struct xt_audit_info *info = par->targinfo;
 	struct audit_buffer *ab;
 
+	if (audit_enabled == 0)
+		goto errout;
+
 	ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
 	if (ab == NULL)
 		goto errout;
author	Gao feng <gaofeng@cn.fujitsu.com>	2013-03-04 00:29:12 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-03-04 14:45:25 +0100
commit	ed018fa4dfc3d26da56b9ee7dc75e9d39a39a02b (patch)
tree	ecb910ff5080b35dc1fdae81337bbdb1d2b54841
parent	f9caed59f801f77a2844ab04d2dea8df33ac862b (diff)
download	op-kernel-dev-ed018fa4dfc3d26da56b9ee7dc75e9d39a39a02b.zip op-kernel-dev-ed018fa4dfc3d26da56b9ee7dc75e9d39a39a02b.tar.gz