diff options
Diffstat (limited to 'target/linux/generic-2.4/patches/612-netfilter_quota.patch')
-rw-r--r-- | target/linux/generic-2.4/patches/612-netfilter_quota.patch | 142 |
1 files changed, 0 insertions, 142 deletions
diff --git a/target/linux/generic-2.4/patches/612-netfilter_quota.patch b/target/linux/generic-2.4/patches/612-netfilter_quota.patch deleted file mode 100644 index d5bb1e2426..0000000000 --- a/target/linux/generic-2.4/patches/612-netfilter_quota.patch +++ /dev/null @@ -1,142 +0,0 @@ ---- a/Documentation/Configure.help -+++ b/Documentation/Configure.help -@@ -2888,6 +2888,13 @@ CONFIG_IP_NF_MATCH_LIMIT - If you want to compile it as a module, say M here and read - <file:Documentation/modules.txt>. If unsure, say `N'. - -+quota match support -+CONFIG_IP_NF_MATCH_QUOTA -+ This match implements network quotas. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say `N'. -+ - skb->pkt_type packet match support - CONFIG_IP_NF_MATCH_PKTTYPE - This patch allows you to match packet in accrodance ---- /dev/null -+++ b/include/linux/netfilter_ipv4/ipt_quota.h -@@ -0,0 +1,12 @@ -+#ifndef _IPT_QUOTA_H -+#define _IPT_QUOTA_H -+ -+/* print debug info in both kernel/netfilter module & iptable library */ -+//#define DEBUG_IPT_QUOTA -+ -+struct ipt_quota_info { -+ u_int64_t quota; -+ struct ipt_quota_info *master; -+}; -+ -+#endif /*_IPT_QUOTA_H*/ ---- a/net/ipv4/netfilter/Config.in -+++ b/net/ipv4/netfilter/Config.in -@@ -22,6 +22,7 @@ tristate 'IP tables support (required fo - if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; then - # The simple matches. - dep_tristate ' limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES -+ dep_tristate ' quota match support' CONFIG_IP_NF_MATCH_QUOTA $CONFIG_IP_NF_IPTABLES - dep_tristate ' MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES - dep_tristate ' Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES - dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES ---- a/net/ipv4/netfilter/Makefile -+++ b/net/ipv4/netfilter/Makefile -@@ -65,6 +65,7 @@ obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o - # matches - obj-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper.o - obj-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit.o -+obj-$(CONFIG_IP_NF_MATCH_QUOTA) += ipt_quota.o - obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o - obj-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac.o - obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o ---- /dev/null -+++ b/net/ipv4/netfilter/ipt_quota.c -@@ -0,0 +1,88 @@ -+/* -+ * netfilter module to enforce network quotas -+ * -+ * Sam Johnston <samj@samj.net> -+ * -+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo@eurodev.net> -+ */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/spinlock.h> -+#include <linux/interrupt.h> -+ -+#include <linux/netfilter_ipv4/ip_tables.h> -+#include <linux/netfilter_ipv4/ipt_quota.h> -+ -+MODULE_LICENSE("GPL"); -+ -+static spinlock_t quota_lock = SPIN_LOCK_UNLOCKED; -+ -+static int -+match(const struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *matchinfo, -+ int offset, const void *hdr, u_int16_t datalen, int *hotdrop) -+{ -+ struct ipt_quota_info *q = -+ ((struct ipt_quota_info *) matchinfo)->master; -+ -+ spin_lock_bh("a_lock); -+ -+ if (q->quota >= datalen) { -+ /* we can afford this one */ -+ q->quota -= datalen; -+ spin_unlock_bh("a_lock); -+ -+#ifdef DEBUG_IPT_QUOTA -+ printk("IPT Quota OK: %llu datlen %d \n", q->quota, datalen); -+#endif -+ return 1; -+ } -+ -+ /* so we do not allow even small packets from now on */ -+ q->quota = 0; -+ -+#ifdef DEBUG_IPT_QUOTA -+ printk("IPT Quota Failed: %llu datlen %d \n", q->quota, datalen); -+#endif -+ -+ spin_unlock_bh("a_lock); -+ return 0; -+} -+ -+static int -+checkentry(const char *tablename, -+ const struct ipt_ip *ip, -+ void *matchinfo, unsigned int matchsize, unsigned int hook_mask) -+{ -+ /* TODO: spinlocks? sanity checks? */ -+ struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo; -+ -+ if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info))) -+ return 0; -+ -+ /* For SMP, we only want to use one set of counters. */ -+ q->master = q; -+ -+ return 1; -+} -+ -+static struct ipt_match quota_match -+ = { {NULL, NULL}, "quota", &match, &checkentry, NULL, THIS_MODULE }; -+ -+static int __init -+init(void) -+{ -+ return ipt_register_match("a_match); -+} -+ -+static void __exit -+fini(void) -+{ -+ ipt_unregister_match("a_match); -+} -+ -+module_init(init); -+module_exit(fini); -+ |