xt_quota2: fix 2 bugs when not in grow mode

1. XT_QUOTA_NO_CHANGE should not alter quota to zero ever
2. XT_QUOTA_PACKET should not be set to zero based on skb->len

Signed-off-by: Sam Liddicott <sam@liddicott.com>

diff --git a/extensions/xt_quota2.c b/extensions/xt_quota2.c
index ff91fcb1cef4bc429207c5082bca9317b45ef4e2..aa00207b19be9f5cfcac152692f343301c423931 100644 (file)
--- a/extensions/xt_quota2.c
+++ b/extensions/xt_quota2.c
@@ -219,13 +219,14 @@ quota_mt2(const struct sk_buff *skb, struct xt_action_param *par)
                }
                ret = true;
        } else {
-               if (e->quota >= skb->len) {
+               if (e->quota >= ((q->flags & XT_QUOTA_PACKET) ? 1 : skb->len)) {
                        if (!(q->flags & XT_QUOTA_NO_CHANGE))
                                e->quota -= (q->flags & XT_QUOTA_PACKET) ? 1 : skb->len;
                        ret = !ret;
                } else {
                        /* we do not allow even small packets from now on */
-                       e->quota = 0;
+                       if (!(q->flags & XT_QUOTA_NO_CHANGE))
+                               e->quota = 0;
                }
                q->quota = e->quota;
        }