From ed018fa4dfc3d26da56b9ee7dc75e9d39a39a02b Mon Sep 17 00:00:00 2001 From: Gao feng Date: Mon, 4 Mar 2013 00:29:12 +0000 Subject: [PATCH] netfilter: xt_AUDIT: only generate audit log when audit enabled We should stop generting audit log if audit is disabled. Signed-off-by: Gao feng Acked-by: Thomas Graf Signed-off-by: Pablo Neira Ayuso --- net/netfilter/xt_AUDIT.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c index ba92824086f3..3228d7f24eb4 100644 --- a/net/netfilter/xt_AUDIT.c +++ b/net/netfilter/xt_AUDIT.c @@ -124,6 +124,9 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par) const struct xt_audit_info *info = par->targinfo; struct audit_buffer *ab; + if (audit_enabled == 0) + goto errout; + ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT); if (ab == NULL) goto errout;