diff options
Diffstat (limited to 'openwrt/target/linux/generic-2.4/patches/612-netfilter_quota.patch')
| -rw-r--r-- | openwrt/target/linux/generic-2.4/patches/612-netfilter_quota.patch | 147 |
1 files changed, 0 insertions, 147 deletions
diff --git a/openwrt/target/linux/generic-2.4/patches/612-netfilter_quota.patch b/openwrt/target/linux/generic-2.4/patches/612-netfilter_quota.patch deleted file mode 100644 index a0a019c171..0000000000 --- a/openwrt/target/linux/generic-2.4/patches/612-netfilter_quota.patch +++ /dev/null @@ -1,147 +0,0 @@ -diff -ruN linux-2.4.30-old/Documentation/Configure.help linux-2.4.30-new/Documentation/Configure.help ---- linux-2.4.30-old/Documentation/Configure.help 2005-11-13 22:30:42.000000000 +0100 -+++ linux-2.4.30-new/Documentation/Configure.help 2005-11-13 22:31:17.000000000 +0100 -@@ -2888,6 +2888,13 @@ - If you want to compile it as a module, say M here and read - <file:Documentation/modules.txt>. If unsure, say `N'. - -+quota match support -+CONFIG_IP_NF_MATCH_QUOTA -+ This match implements network quotas. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say `N'. -+ - skb->pkt_type packet match support - CONFIG_IP_NF_MATCH_PKTTYPE - This patch allows you to match packet in accrodance -diff -ruN linux-2.4.30-old/include/linux/netfilter_ipv4/ipt_quota.h linux-2.4.30-new/include/linux/netfilter_ipv4/ipt_quota.h ---- linux-2.4.30-old/include/linux/netfilter_ipv4/ipt_quota.h 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.4.30-new/include/linux/netfilter_ipv4/ipt_quota.h 2005-11-13 22:31:17.000000000 +0100 -@@ -0,0 +1,12 @@ -+#ifndef _IPT_QUOTA_H -+#define _IPT_QUOTA_H -+ -+/* print debug info in both kernel/netfilter module & iptable library */ -+//#define DEBUG_IPT_QUOTA -+ -+struct ipt_quota_info { -+ u_int64_t quota; -+ struct ipt_quota_info *master; -+}; -+ -+#endif /*_IPT_QUOTA_H*/ -diff -ruN linux-2.4.30-old/net/ipv4/netfilter/Config.in linux-2.4.30-new/net/ipv4/netfilter/Config.in ---- linux-2.4.30-old/net/ipv4/netfilter/Config.in 2005-11-13 22:30:42.000000000 +0100 -+++ linux-2.4.30-new/net/ipv4/netfilter/Config.in 2005-11-13 22:31:17.000000000 +0100 -@@ -24,6 +24,7 @@ - if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; then - # The simple matches. - dep_tristate ' limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES -+ dep_tristate ' quota match support' CONFIG_IP_NF_MATCH_QUOTA $CONFIG_IP_NF_IPTABLES - - dep_tristate ' IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES - if [ "$CONFIG_IP_NF_SET" != "n" ]; then -diff -ruN linux-2.4.30-old/net/ipv4/netfilter/Makefile linux-2.4.30-new/net/ipv4/netfilter/Makefile ---- linux-2.4.30-old/net/ipv4/netfilter/Makefile 2005-11-13 22:30:42.000000000 +0100 -+++ linux-2.4.30-new/net/ipv4/netfilter/Makefile 2005-11-13 22:31:17.000000000 +0100 -@@ -74,6 +74,7 @@ - # matches - obj-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper.o - obj-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit.o -+obj-$(CONFIG_IP_NF_MATCH_QUOTA) += ipt_quota.o - obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o - obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o - obj-$(CONFIG_IP_NF_TARGET_SET) += ipt_SET.o -diff -ruN linux-2.4.30-old/net/ipv4/netfilter/ipt_quota.c linux-2.4.30-new/net/ipv4/netfilter/ipt_quota.c ---- linux-2.4.30-old/net/ipv4/netfilter/ipt_quota.c 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.4.30-new/net/ipv4/netfilter/ipt_quota.c 2005-11-13 22:31:17.000000000 +0100 -@@ -0,0 +1,88 @@ -+/* -+ * netfilter module to enforce network quotas -+ * -+ * Sam Johnston <samj@samj.net> -+ * -+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo@eurodev.net> -+ */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/spinlock.h> -+#include <linux/interrupt.h> -+ -+#include <linux/netfilter_ipv4/ip_tables.h> -+#include <linux/netfilter_ipv4/ipt_quota.h> -+ -+MODULE_LICENSE("GPL"); -+ -+static spinlock_t quota_lock = SPIN_LOCK_UNLOCKED; -+ -+static int -+match(const struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *matchinfo, -+ int offset, const void *hdr, u_int16_t datalen, int *hotdrop) -+{ -+ struct ipt_quota_info *q = -+ ((struct ipt_quota_info *) matchinfo)->master; -+ -+ spin_lock_bh("a_lock); -+ -+ if (q->quota >= datalen) { -+ /* we can afford this one */ -+ q->quota -= datalen; -+ spin_unlock_bh("a_lock); -+ -+#ifdef DEBUG_IPT_QUOTA -+ printk("IPT Quota OK: %llu datlen %d \n", q->quota, datalen); -+#endif -+ return 1; -+ } -+ -+ /* so we do not allow even small packets from now on */ -+ q->quota = 0; -+ -+#ifdef DEBUG_IPT_QUOTA -+ printk("IPT Quota Failed: %llu datlen %d \n", q->quota, datalen); -+#endif -+ -+ spin_unlock_bh("a_lock); -+ return 0; -+} -+ -+static int -+checkentry(const char *tablename, -+ const struct ipt_ip *ip, -+ void *matchinfo, unsigned int matchsize, unsigned int hook_mask) -+{ -+ /* TODO: spinlocks? sanity checks? */ -+ struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo; -+ -+ if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info))) -+ return 0; -+ -+ /* For SMP, we only want to use one set of counters. */ -+ q->master = q; -+ -+ return 1; -+} -+ -+static struct ipt_match quota_match -+ = { {NULL, NULL}, "quota", &match, &checkentry, NULL, THIS_MODULE }; -+ -+static int __init -+init(void) -+{ -+ return ipt_register_match("a_match); -+} -+ -+static void __exit -+fini(void) -+{ -+ ipt_unregister_match("a_match); -+} -+ -+module_init(init); -+module_exit(fini); -+ |