From: Pablo Neira Ayuso Date: Fri, 2 Sep 2016 19:00:58 +0000 (+0200) Subject: netfilter: nft_quota: fix overquota logic X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=db6d857b819a00627a3bd911f49ee3156766bba8;p=linux-beck.git netfilter: nft_quota: fix overquota logic Use xor to decide to break further rule evaluation or not, since the existing logic doesn't achieve the expected inversion. Signed-off-by: Pablo Neira Ayuso --- diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c index 6eafbf987ed9..92b6ff16dbb3 100644 --- a/net/netfilter/nft_quota.c +++ b/net/netfilter/nft_quota.c @@ -33,7 +33,7 @@ static void nft_quota_eval(const struct nft_expr *expr, { struct nft_quota *priv = nft_expr_priv(expr); - if (nft_quota(priv, pkt) < 0 && !priv->invert) + if ((nft_quota(priv, pkt) < 0) ^ priv->invert) regs->verdict.code = NFT_BREAK; }
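Review bot: the new condition in nft_quota_eval(), `(nft_quota(priv, pkt) < 0) ^ priv->invert`, is only correct if priv->invert is strictly 0 or 1, and the declaration of that field is not visible in this hunk. The left operand is a comparison result (0 or 1), but `^` is bitwise, so any other nonzero value of invert would make the expression nonzero whether or not the quota is exceeded, and every packet would get NFT_BREAK. If the field is a bool this is fine as written; otherwise normalise it with `!!priv->invert`. It would also help if the commit message spelled out the behaviour change: the old `&& !priv->invert` never set NFT_BREAK when invert was set, while the new code breaks on inverted rules as long as nft_quota() returns >= 0.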