Author: pluto                        Date: Thu Sep 15 08:27:13 2005 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- [base] quota match.

---- Files affected:
SOURCES:
   linux-2.6-nf-quota.patch (NONE -> 1.1.2.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-nf-quota.patch
diff -u /dev/null SOURCES/linux-2.6-nf-quota.patch:1.1.2.1
--- /dev/null   Thu Sep 15 10:27:13 2005
+++ SOURCES/linux-2.6-nf-quota.patch    Thu Sep 15 10:27:08 2005
@@ -0,0 +1,146 @@
+ include/linux/netfilter_ipv4/ipt_quota.h |   12 +++
+ net/ipv4/netfilter/Kconfig               |   10 +++
+ net/ipv4/netfilter/Makefile              |    1 
+ net/ipv4/netfilter/ipt_quota.c           |   96 
+++++++++++++++++++++++++++++++
+ 4 files changed, 119 insertions(+)
+
+diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ipt_quota.h 
linux-2.6.13.1/include/linux/netfilter_ipv4/ipt_quota.h
+--- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ipt_quota.h       
1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.13.1/include/linux/netfilter_ipv4/ipt_quota.h    2005-09-15 
10:25:42.481508000 +0200
+@@ -0,0 +1,12 @@
++#ifndef _IPT_QUOTA_H
++#define _IPT_QUOTA_H
++
++/* print debug info in both kernel/netfilter module & iptable library */
++//#define DEBUG_IPT_QUOTA
++
++struct ipt_quota_info {
++        u_int64_t quota;
++      struct ipt_quota_info *master;
++};
++
++#endif /*_IPT_QUOTA_H*/
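Review bot: `struct ipt_quota_info` places a kernel pointer, `master`, in a structure that the comment above says is shared with the iptables library. Its size and layout therefore depend on pointer width, so a 32-bit userspace on a 64-bit kernel would presumably fail the `matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info))` test in checkentry(). Because checkentry() stores `q->master = q` into the rule data itself, that kernel address is likely visible to anything allowed to read the rule set back. I would at least document the field, e.g. `/* kernel-internal: overwritten by checkentry(), never trusted from userspace */`, and consider giving it a fixed alignment so both sides agree on the layout.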
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/ipt_quota.c 
linux-2.6.13.1/net/ipv4/netfilter/ipt_quota.c
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/ipt_quota.c 1970-01-01 
01:00:00.000000000 +0100
++++ linux-2.6.13.1/net/ipv4/netfilter/ipt_quota.c      2005-09-15 
10:25:42.485508250 +0200
+@@ -0,0 +1,96 @@
++/* 
++ * netfilter module to enforce network quotas
++ *
++ * Sam Johnston <[EMAIL PROTECTED]>
++ *
++ * 30/01/05: Fixed on SMP --Pablo Neira <[EMAIL PROTECTED]>
++ */
++#include <linux/module.h>
++#include <linux/skbuff.h>
++#include <linux/spinlock.h>
++#include <linux/interrupt.h>
++
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ipt_quota.h>
++
++MODULE_LICENSE("GPL");
++MODULE_AUTHOR("Sam Johnston <[EMAIL PROTECTED]>");
++
++static spinlock_t quota_lock = SPIN_LOCK_UNLOCKED;
++
++static int
++match(const struct sk_buff *skb,
++      const struct net_device *in,
++      const struct net_device *out,
++      const void *matchinfo,
++      int offset, int *hotdrop)
++{
++        struct ipt_quota_info *q = 
++              ((struct ipt_quota_info *) matchinfo)->master;
++
++      if (skb->len < sizeof(struct iphdr))
++              return NF_ACCEPT;
++      
++        spin_lock_bh(&quota_lock);
++
++        if (q->quota >= skb->len) {
++                /* we can afford this one */
++                q->quota -= skb->len;
++                spin_unlock_bh(&quota_lock);
++
++#ifdef DEBUG_IPT_QUOTA
++                printk("IPT Quota OK: %llu datlen %d \n", q->quota, skb->len);
++#endif
++                return 1;
++        }
++
++        /* so we do not allow even small packets from now on */
++        q->quota = 0;
++
++#ifdef DEBUG_IPT_QUOTA
++        printk("IPT Quota Failed: %llu datlen %d \n", q->quota, skb->len);
++#endif
++
++        spin_unlock_bh(&quota_lock);
++        return 0;
++}
++
++static int
++checkentry(const char *tablename,
++           const struct ipt_ip *ip,
++           void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
++{
++        /* TODO: spinlocks? sanity checks? */
++      struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
++
++        if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
++                return 0;
++      
++      /* For SMP, we only want to use one set of counters. */
++      q->master = q;
++
++        return 1;
++}
++
++static struct ipt_match quota_match = {
++      .name = "quota",
++      .match = match,
++      .checkentry = checkentry,
++      .me = THIS_MODULE
++};
++
++static int __init
++init(void)
++{
++        return ipt_register_match(&quota_match);
++}
++
++static void __exit
++fini(void)
++{
++        ipt_unregister_match(&quota_match);
++}
++
++module_init(init);
++module_exit(fini);
++
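Review bot: In match(), the short-packet guard `if (skb->len < sizeof(struct iphdr)) return NF_ACCEPT;` returns a verdict constant from a function whose other exits return 1 for match and 0 for no match. NF_ACCEPT is non-zero, so such a packet counts as a match without being charged against `q->quota`, and it would still match after the quota has been exhausted. Returning no-match keeps the quota authoritative: `if (skb->len < sizeof(struct iphdr)) return 0;` (or drop the guard and account the packet like any other). Separately, the `/* TODO: spinlocks? sanity checks? */` in checkentry() is still open, and the debug `printk` calls pass the unsigned `skb->len` to `%d` and carry no log level.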
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/Kconfig 
linux-2.6.13.1/net/ipv4/netfilter/Kconfig
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/Kconfig     2005-09-15 
10:21:06.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/Kconfig  2005-09-15 10:25:42.489508500 
+0200
+@@ -748,5 +748,15 @@
+         If you want to compile it as a module, say M here and read
+         Documentation/modules.txt.  If unsure, say `N'.
+ 
++config IP_NF_MATCH_QUOTA
++      tristate  'quota match support'
++      depends on IP_NF_IPTABLES
++      help
++        This match implements network quotas.
++      
++        If you want to compile it as a module, say M here and read
++        Documentation/modules.txt.  If unsure, say `N'.
++      
++
+ endmenu
+ 
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/Makefile 
linux-2.6.13.1/net/ipv4/netfilter/Makefile
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/Makefile    2005-09-15 
10:21:06.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/Makefile 2005-09-15 10:25:42.493508750 
+0200
+@@ -0,0 +0,1 @@
++obj-$(CONFIG_IP_NF_MATCH_QUOTA) += ipt_quota.o
================================================================