netfilter: connlimit: move insertion of new element out of count function

		       const struct nf_conntrack_tuple *tuple,

		       const union nf_inet_addr *addr,

		       const union nf_inet_addr *mask,

		       u_int8_t family)

		       u_int8_t family, bool *addit)

{

	const struct nf_conntrack_tuple_hash *found;

	struct xt_connlimit_conn *conn;

	struct hlist_node *n;

	struct nf_conn *found_ct;

	bool addit = true;

	int matches = 0;

	rcu_read_lock();

			 * We should not see tuples twice unless someone hooks

			 * this into a table without "-p tcp --syn".

			 */

			addit = false;

			*addit = false;

		} else if (already_closed(found_ct)) {

			/*

			 * we do not care about connections which are

	rcu_read_unlock();

	if (addit) {

		/* save the new connection in our list */

		conn = kmalloc(sizeof(*conn), GFP_ATOMIC);

	return matches;

}

static bool add_hlist(struct hlist_head *head,

		      const struct nf_conntrack_tuple *tuple,

		      const union nf_inet_addr *addr)

{

	struct xt_connlimit_conn *conn = kmalloc(sizeof(*conn), GFP_ATOMIC);

	if (conn == NULL)

			return -ENOMEM;

		return false;

	conn->tuple = *tuple;

	conn->addr = *addr;

	hlist_add_head(&conn->node, head);

		++matches;

	}

	return matches;

	return true;

}

static int count_them(struct net *net,

	struct hlist_head *hhead;

	int count;

	u32 hash;

	bool addit = true;

	if (family == NFPROTO_IPV6)

		hash = connlimit_iphash6(addr, mask);

	hhead = &data->iphash[hash];

	spin_lock_bh(&data->lock);

	count = count_hlist(net, hhead, tuple, addr, mask, family);

	count = count_hlist(net, hhead, tuple, addr, mask, family, &addit);

	if (addit) {

		if (add_hlist(hhead, tuple, addr))

			count++;

		else

			count = -ENOMEM;

	}

	spin_unlock_bh(&data->lock);

	return count;