diff mbox

netfilter: xt_AUDIT: only generate audit log when audit enabled

Message ID 1362392952-11268-1-git-send-email-gaofeng@cn.fujitsu.com
State Accepted
Headers show

Commit Message

Gao feng March 4, 2013, 10:29 a.m. UTC 
We should stop generting audit log if audit is disabled.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 net/netfilter/xt_AUDIT.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Thomas Graf March 4, 2013, 10:50 a.m. UTC | #1 
On 03/04/13 at 06:29pm, Gao feng wrote:
> We should stop generting audit log if audit is disabled.
> 
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>

Acked-by: Thomas Graf <tgraf@suug.ch>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso March 4, 2013, 3:54 p.m. UTC | #2 
On Mon, Mar 04, 2013 at 06:29:12PM +0800, Gao feng wrote:
> We should stop generting audit log if audit is disabled.

Applied, thanks Gao and Thomas.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index ba92824..3228d7f 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -124,6 +124,9 @@  audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	const struct xt_audit_info *info = par->targinfo;
 	struct audit_buffer *ab;
 
+	if (audit_enabled == 0)
+		goto errout;
+
 	ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
 	if (ab == NULL)
 		goto errout;