author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-02 21:00:58 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-07 11:00:56 +0200 |
commit | db6d857b819a00627a3bd911f49ee3156766bba8 (patch) | |
tree | d4283a93851b15343a90b02fddb1437c3db939af | |
parent | 0d9932b2875f568d679f2af33ce610da3903ac11 (diff) | |
netfilter: nft_quota: fix overquota logic
Use xor to decide to break further rule evaluation or not, since the
existing logic doesn't achieve the expected inversion.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/nft_quota.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c index 6eafbf9..92b6ff1 100644 --- a/net/netfilter/nft_quota.c +++ b/net/netfilter/nft_quota.c @@ -33,7 +33,7 @@ static void nft_quota_eval(const struct nft_expr *expr, { struct nft_quota *priv = nft_expr_priv(expr); - if (nft_quota(priv, pkt) < 0 && !priv->invert) + if ((nft_quota(priv, pkt) < 0) ^ priv->invert) regs->verdict.code = NFT_BREAK; } |
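Review bot: the new condition on the `+` line in nft_quota_eval() is only correct if priv->invert is strictly 0 or 1, and the hunk does not show the field's type. Because `^` is bitwise, any other non-zero value (for example a flag bit stored unmasked) makes the expression non-zero whether or not nft_quota() returned a negative value, so NFT_BREAK would be set on every packet. If the field is a bool this is fine as written; otherwise normalise it, e.g. `(nft_quota(priv, pkt) < 0) ^ !!priv->invert`. The commit message would also benefit from spelling out the behaviour change: with the old line NFT_BREAK could never be set when invert was true, and with the new line it is set when invert is true and nft_quota() is not negative.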