]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: d33f889) | patch
netfilter: nft_quota: match correctly when the quota just depleted
authorZhongqiu Duan <dzq.aishenghu0@gmail.com>
Thu, 17 Apr 2025 15:49:30 +0000 (15:49 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 5 May 2025 11:15:09 +0000 (13:15 +0200)
commitbfe7cfb65c753952735c3eed703eba9a8b96a18d
treedbf58bf06a1aaffc99637e07c7ba131e12e78d64tree
parentd33f889fd80c91e0250874e910fc58918eb660dbcommit | diff
netfilter: nft_quota: match correctly when the quota just depleted

The xt_quota compares skb length with remaining quota, but the nft_quota
compares it with consumed bytes.

The xt_quota can match consumed bytes up to quota at maximum. But the
nft_quota break match when consumed bytes equal to quota.

i.e., nft_quota match consumed bytes in [0, quota - 1], not [0, quota].

Fixes: 795595f68d6c ("netfilter: nft_quota: dump consumed quota")
Signed-off-by: Zhongqiu Duan <dzq.aishenghu0@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_quota.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.