1diff -urN kernel-source-2.4.16/include/linux/netfilter_ipv4/ipt_quota.h kernel-source-2.4.16-samj/include/linux/netfilter_ipv4/ipt_quota.h
2--- kernel-source-2.4.16/include/linux/netfilter_ipv4/ipt_quota.h Thu Jan 1 10:00:00 1970
3+++ kernel-source-2.4.16-samj/include/linux/netfilter_ipv4/ipt_quota.h Mon Dec 3 21:43:07 2001
4@@ -0,0 +1,11 @@
5+#ifndef _IPT_QUOTA_H
6+#define _IPT_QUOTA_H
7+
8+/* print debug info in both kernel/netfilter module & iptable library */
9+//#define DEBUG_IPT_QUOTA
10+
11+struct ipt_quota_info {
12+ u_int64_t quota;
13+};
14+
15+#endif /*_IPT_QUOTA_H*/
16diff -urN kernel-source-2.4.16/net/ipv4/netfilter/ipt_quota.c kernel-source-2.4.16-samj/net/ipv4/netfilter/ipt_quota.c
17--- kernel-source-2.4.16/net/ipv4/netfilter/ipt_quota.c Thu Jan 1 10:00:00 1970
18+++ kernel-source-2.4.16-samj/net/ipv4/netfilter/ipt_quota.c Mon Dec 3 21:42:08 2001
19@@ -0,0 +1,81 @@
20+/*
21+ * netfilter module to enforce network quotas
22+ *
23+ * Sam Johnston <samj@samj.net>
24+ */
25+#include <linux/module.h>
26+#include <linux/skbuff.h>
27+#include <linux/spinlock.h>
28+#include <linux/interrupt.h>
29+
30+#include <linux/netfilter_ipv4/ip_tables.h>
31+#include <linux/netfilter_ipv4/ipt_quota.h>
32+
33+MODULE_LICENSE("GPL");
34+
35+static spinlock_t quota_lock = SPIN_LOCK_UNLOCKED;
36+
37+static int
38+match(const struct sk_buff *skb,
39+ const struct net_device *in,
40+ const struct net_device *out,
41+ const void *matchinfo,
42+ int offset, const void *hdr, u_int16_t datalen, int *hotdrop)
43+{
44+
45+ struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
46+
47+ spin_lock_bh("a_lock);
48+
49+ if (q->quota >= datalen) {
50+ /* we can afford this one */
51+ q->quota -= datalen;
52+ spin_unlock_bh("a_lock);
53+
54+#ifdef DEBUG_IPT_QUOTA
55+ printk("IPT Quota OK: %llu datlen %d \n", q->quota, datalen);
56+#endif
57+ return 1;
58+ }
59+
60+ /* so we do not allow even small packets from now on */
61+ q->quota = 0;
62+
63+#ifdef DEBUG_IPT_QUOTA
64+
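Review bot: `struct ipt_quota_info` has no comment saying what `quota` counts or who writes it, although the comment above it says the header is shared with the iptables library. In the ipt_quota.c hunk of this diff, `match()` subtracts `datalen` from the field and sets it to 0 once the budget is exhausted, so it is a remaining budget that the kernel mutates in place, not the configured limit. I would document that on the member, e.g. `/* remaining budget (presumably bytes); decremented in place by the kernel match, 0 once exhausted */`, so userspace code reading the rule back does not treat it as the original setting.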
printk("IPT Quota Failed: %llu datlen %d \n", q->quota, datalen);
65+#endif
66+
67+ spin_unlock_bh("a_lock);
68+ return 0;
69+}
70+
71+static int
72+checkentry(const char *tablename,
73+ const struct ipt_ip *ip,
74+ void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
75+{
76+ /* TODO: spinlocks? sanity checks? */
77+ if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
78+ return 0;
79+
80+ return 1;
81+}
82+
83+static struct ipt_match quota_match
84+ = { {NULL, NULL}, "quota", &match, &checkentry, NULL, THIS_MODULE };
85+
86+static int __init
87+init(void)
88+{
89+ return ipt_register_match("a_match);
90+}
91+
92+static void __exit
93+fini(void)
94+{
95+ ipt_unregister_match("a_match);
96+}
97+
98+module_init(init);
99+module_exit(fini);
100+
101
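Review bot: `match()` keeps the enforcement counter inside the rule data by casting away the `const` on `matchinfo` and decrementing `q->quota`, and nothing in the hunk documents or checks that this data is a single shared copy. If ip_tables in this kernel keeps a separate copy of the rule data per CPU (I believe 2.4 does, but that is not visible here), each CPU spends its own budget and `quota_lock` serialises nothing shared, so the effective limit could be a multiple of the configured one. That should be confirmed and then either fixed or stated above the cast, e.g. `/* counter lives in the rule data; verify it is not replicated per CPU */`. Separately, the failure-path debug `printk` runs after `q->quota = 0;` and so always reports 0; moving it above the assignment would log the remaining budget that was too small. `checkentry()` still carries `TODO: spinlocks? sanity checks?` and validates only `matchsize`.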