On Mon, Apr 14, 2025 at 11:55:45PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Apr 10, 2025 at 07:17:47AM +0000, Zhongqiu Duan wrote:
> > Keep consistency with xt_quota and nfacct.
>
> Where is the inconsistency?
>
> > Fixes: 795595f68d6c ("netfilter: nft_quota: dump consumed quota")
> > Signed-off-by: Zhongqiu Duan <dzq.aishenghu0@xxxxxxxxx>
> > ---
> > net/netfilter/nft_quota.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c
> > index 9b2d7463d3d3..0bb43c723061 100644
> > --- a/net/netfilter/nft_quota.c
> > +++ b/net/netfilter/nft_quota.c
> > @@ -21,7 +21,7 @@ struct nft_quota {
> > static inline bool nft_overquota(struct nft_quota *priv,
> > const struct sk_buff *skb)
> > {
> > - return atomic64_add_return(skb->len, priv->consumed) >=
> > + return atomic64_add_return(skb->len, priv->consumed) >
> > atomic64_read(&priv->quota);
>
> From xt_quota:
>
> if (priv->quota >= skb->len) {
> priv->quota -= skb->len;
> ret = !ret;

They behave differently in the case of consumed bytes equal to quota.
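
Review bot: The changelog does not say what the switch from `>=` to `>` on the `+` line of nft_overquota() changes, and "Keep consistency with xt_quota and nfacct" leaves the reader to work out the boundary case. Suggest stating in the commit message that a packet which brings the consumed total to exactly the quota is no longer treated as over quota, which matches the `priv->quota >= skb->len` check quoted from xt_quota. Because the patch carries a Fixes: tag, it would also help to say that this is a behaviour change visible to existing rulesets at that exact-match boundary.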