1diff -urN kernel-source-2.4.16/include/linux/netfilter_ipv4/ipt_quota.h kernel-source-2.4.16-samj/include/linux/netfilter_ipv4/ipt_quota.h
2--- kernel-source-2.4.16/include/linux/netfilter_ipv4/ipt_quota.h	Thu Jan  1 10:00:00 1970
3+++ kernel-source-2.4.16-samj/include/linux/netfilter_ipv4/ipt_quota.h	Mon Dec  3 21:43:07 2001
4@@ -0,0 +1,11 @@
5+#ifndef _IPT_QUOTA_H
6+#define _IPT_QUOTA_H
7+
8+/* print debug info in both kernel/netfilter module & iptable library */
9+//#define DEBUG_IPT_QUOTA
10+
11+struct ipt_quota_info {
12+        u_int64_t quota;
13+};
14+
15+#endif /*_IPT_QUOTA_H*/
16diff -urN kernel-source-2.4.16/net/ipv4/netfilter/ipt_quota.c kernel-source-2.4.16-samj/net/ipv4/netfilter/ipt_quota.c
17--- kernel-source-2.4.16/net/ipv4/netfilter/ipt_quota.c	Thu Jan  1 10:00:00 1970
18+++ kernel-source-2.4.16-samj/net/ipv4/netfilter/ipt_quota.c	Mon Dec  3 21:42:08 2001
19@@ -0,0 +1,81 @@
20+/* 
21+ * netfilter module to enforce network quotas
22+ *
23+ * Sam Johnston <samj@samj.net>
24+ */
25+#include <linux/module.h>
26+#include <linux/skbuff.h>
27+#include <linux/spinlock.h>
28+#include <linux/interrupt.h>
29+
30+#include <linux/netfilter_ipv4/ip_tables.h>
31+#include <linux/netfilter_ipv4/ipt_quota.h>
32+
33+MODULE_LICENSE("GPL");
34+
35+static spinlock_t quota_lock = SPIN_LOCK_UNLOCKED;
36+
37+static int
38+match(const struct sk_buff *skb,
39+      const struct net_device *in,
40+      const struct net_device *out,
41+      const void *matchinfo,
42+      int offset, const void *hdr, u_int16_t datalen, int *hotdrop)
43+{
44+
45+        struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
46+
47+        spin_lock_bh(&quota_lock);
48+
49+        if (q->quota >= datalen) {
50+                /* we can afford this one */
51+                q->quota -= datalen;
52+                spin_unlock_bh(&quota_lock);
53+
54+#ifdef DEBUG_IPT_QUOTA
55+                printk("IPT Quota OK: %llu datlen %d \n", q->quota, datalen);
56+#endif
57+                return 1;
58+        }
59+
60+        /* so we do not allow even small packets from now on */
61+        q->quota = 0;
62+
63+#ifdef DEBUG_IPT_QUOTA
64+        printk("IPT Quota Failed: %llu datlen %d \n", q->quota, datalen);
65+#endif
66+
67+        spin_unlock_bh(&quota_lock);
68+        return 0;
69+}
70+
71+static int
72+checkentry(const char *tablename,
73+           const struct ipt_ip *ip,
74+           void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
75+{
76+        /* TODO: spinlocks? sanity checks? */
77+        if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
78+                return 0;
79+
80+        return 1;
81+}
82+
83+static struct ipt_match quota_match
84+    = { {NULL, NULL}, "quota", &match, &checkentry, NULL, THIS_MODULE };
85+
86+static int __init
87+init(void)
88+{
89+        return ipt_register_match(&quota_match);
90+}
91+
92+static void __exit
93+fini(void)
94+{
95+        ipt_unregister_match(&quota_match);
96+}
97+
98+module_init(init);
99+module_exit(fini);
100+
101