diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c
index 0bb43c723061..9fd6985f54c5 100644
--- a/net/netfilter/nft_quota.c
+++ b/net/netfilter/nft_quota.c
@@ -51,13 +51,15 @@ static void nft_quota_obj_eval(struct nft_object *obj,
 			       const struct nft_pktinfo *pkt)
 {
 	struct nft_quota *priv = nft_obj_data(obj);
+	u64 consumed = atomic64_add_return(pkt->skb->len, priv->consumed);
+	u64 quota = atomic64_read(&priv->quota);
 	bool overquota;
 
-	overquota = nft_overquota(priv, pkt->skb);
+	overquota = (consumed > quota);
 	if (overquota ^ nft_quota_invert(priv))
 		regs->verdict.code = NFT_BREAK;
 
-	if (overquota &&
+	if (consumed >= quota &&
 	    !test_and_set_bit(NFT_QUOTA_DEPLETED_BIT, &priv->flags))
 		nft_obj_notify(nft_net(pkt), obj->key.table, obj, 0, 0,
 			       NFT_MSG_NEWOBJ, 0, nft_pf(pkt), 0, GFP_ATOMIC);