netfilter: nft_quota: match correctly when the quota just depleted

};

static inline bool nft_overquota(struct nft_quota *priv,

				 const struct sk_buff *skb)

				 const struct sk_buff *skb,

				 bool *report)

{

	return atomic64_add_return(skb->len, priv->consumed) >=

	       atomic64_read(&priv->quota);

	u64 consumed = atomic64_add_return(skb->len, priv->consumed);

	u64 quota = atomic64_read(&priv->quota);

	if (report)

		*report = consumed >= quota;

	return consumed > quota;

}

static inline bool nft_quota_invert(struct nft_quota *priv)

				     struct nft_regs *regs,

				     const struct nft_pktinfo *pkt)

{

	if (nft_overquota(priv, pkt->skb) ^ nft_quota_invert(priv))

	if (nft_overquota(priv, pkt->skb, NULL) ^ nft_quota_invert(priv))

		regs->verdict.code = NFT_BREAK;

}

			       const struct nft_pktinfo *pkt)

{

	struct nft_quota *priv = nft_obj_data(obj);

	bool overquota;

	bool overquota, report;

	overquota = nft_overquota(priv, pkt->skb);

	overquota = nft_overquota(priv, pkt->skb, &report);

	if (overquota ^ nft_quota_invert(priv))

		regs->verdict.code = NFT_BREAK;

	if (overquota &&

	if (report &&

	    !test_and_set_bit(NFT_QUOTA_DEPLETED_BIT, &priv->flags))

		nft_obj_notify(nft_net(pkt), obj->key.table, obj, 0, 0,

			       NFT_MSG_NEWOBJ, 0, nft_pf(pkt), 0, GFP_ATOMIC);