From dab3ca1324288a1abeb32590e1caec8848efe3e0 Mon Sep 17 00:00:00 2001
From: nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Tue, 10 Jan 2006 19:43:00 +0000
Subject: large target/linux cleanup

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2877 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 .../generic-2.4/patches/612-netfilter_quota.patch  | 147 +++++++++++++++++++++
 1 file changed, 147 insertions(+)
 create mode 100644 target/linux/generic-2.4/patches/612-netfilter_quota.patch

(limited to 'target/linux/generic-2.4/patches/612-netfilter_quota.patch')

diff --git a/target/linux/generic-2.4/patches/612-netfilter_quota.patch b/target/linux/generic-2.4/patches/612-netfilter_quota.patch
new file mode 100644
index 000000000..a0a019c17
--- /dev/null
+++ b/target/linux/generic-2.4/patches/612-netfilter_quota.patch
@@ -0,0 +1,147 @@
+diff -ruN linux-2.4.30-old/Documentation/Configure.help linux-2.4.30-new/Documentation/Configure.help
+--- linux-2.4.30-old/Documentation/Configure.help	2005-11-13 22:30:42.000000000 +0100
++++ linux-2.4.30-new/Documentation/Configure.help	2005-11-13 22:31:17.000000000 +0100
+@@ -2888,6 +2888,13 @@
+   If you want to compile it as a module, say M here and read
+   <file:Documentation/modules.txt>.  If unsure, say `N'.
+ 
++quota match support
++CONFIG_IP_NF_MATCH_QUOTA
++  This match implements network quotas.
++
++  If you want to compile it as a module, say M here and read
++  Documentation/modules.txt.  If unsure, say `N'.
++
+ skb->pkt_type packet match support
+ CONFIG_IP_NF_MATCH_PKTTYPE
+   This patch allows you to match packet in accrodance
+diff -ruN linux-2.4.30-old/include/linux/netfilter_ipv4/ipt_quota.h linux-2.4.30-new/include/linux/netfilter_ipv4/ipt_quota.h
+--- linux-2.4.30-old/include/linux/netfilter_ipv4/ipt_quota.h	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.30-new/include/linux/netfilter_ipv4/ipt_quota.h	2005-11-13 22:31:17.000000000 +0100
+@@ -0,0 +1,12 @@
++#ifndef _IPT_QUOTA_H
++#define _IPT_QUOTA_H
++
++/* print debug info in both kernel/netfilter module & iptable library */
++//#define DEBUG_IPT_QUOTA
++
++struct ipt_quota_info {
++        u_int64_t quota;
++	struct ipt_quota_info *master;
++};
++
++#endif /*_IPT_QUOTA_H*/
+diff -ruN linux-2.4.30-old/net/ipv4/netfilter/Config.in linux-2.4.30-new/net/ipv4/netfilter/Config.in
+--- linux-2.4.30-old/net/ipv4/netfilter/Config.in	2005-11-13 22:30:42.000000000 +0100
++++ linux-2.4.30-new/net/ipv4/netfilter/Config.in	2005-11-13 22:31:17.000000000 +0100
+@@ -24,6 +24,7 @@
+ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; then
+ # The simple matches.
+   dep_tristate '  limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES
++  dep_tristate '  quota match support' CONFIG_IP_NF_MATCH_QUOTA $CONFIG_IP_NF_IPTABLES
+ 
+   dep_tristate '  IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES
+   if [ "$CONFIG_IP_NF_SET" != "n" ]; then
+diff -ruN linux-2.4.30-old/net/ipv4/netfilter/Makefile linux-2.4.30-new/net/ipv4/netfilter/Makefile
+--- linux-2.4.30-old/net/ipv4/netfilter/Makefile	2005-11-13 22:30:42.000000000 +0100
++++ linux-2.4.30-new/net/ipv4/netfilter/Makefile	2005-11-13 22:31:17.000000000 +0100
+@@ -74,6 +74,7 @@
+ # matches
+ obj-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper.o
+ obj-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit.o
++obj-$(CONFIG_IP_NF_MATCH_QUOTA) += ipt_quota.o
+ obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o
+ obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
+ obj-$(CONFIG_IP_NF_TARGET_SET) += ipt_SET.o
+diff -ruN linux-2.4.30-old/net/ipv4/netfilter/ipt_quota.c linux-2.4.30-new/net/ipv4/netfilter/ipt_quota.c
+--- linux-2.4.30-old/net/ipv4/netfilter/ipt_quota.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.30-new/net/ipv4/netfilter/ipt_quota.c	2005-11-13 22:31:17.000000000 +0100
+@@ -0,0 +1,88 @@
++/* 
++ * netfilter module to enforce network quotas
++ *
++ * Sam Johnston <samj@samj.net>
++ *
++ * 30/01/05: Fixed on SMP --Pablo Neira <pablo@eurodev.net>
++ */
++#include <linux/module.h>
++#include <linux/skbuff.h>
++#include <linux/spinlock.h>
++#include <linux/interrupt.h>
++
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ipt_quota.h>
++
++MODULE_LICENSE("GPL");
++
++static spinlock_t quota_lock = SPIN_LOCK_UNLOCKED;
++
++static int
++match(const struct sk_buff *skb,
++      const struct net_device *in,
++      const struct net_device *out,
++      const void *matchinfo,
++      int offset, const void *hdr, u_int16_t datalen, int *hotdrop)
++{
++	struct ipt_quota_info *q =
++		((struct ipt_quota_info *) matchinfo)->master;
++
++        spin_lock_bh(&quota_lock);
++
++        if (q->quota >= datalen) {
++                /* we can afford this one */
++                q->quota -= datalen;
++                spin_unlock_bh(&quota_lock);
++
++#ifdef DEBUG_IPT_QUOTA
++                printk("IPT Quota OK: %llu datlen %d \n", q->quota, datalen);
++#endif
++                return 1;
++        }
++
++        /* so we do not allow even small packets from now on */
++        q->quota = 0;
++
++#ifdef DEBUG_IPT_QUOTA
++        printk("IPT Quota Failed: %llu datlen %d \n", q->quota, datalen);
++#endif
++
++        spin_unlock_bh(&quota_lock);
++        return 0;
++}
++
++static int
++checkentry(const char *tablename,
++           const struct ipt_ip *ip,
++           void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
++{
++        /* TODO: spinlocks? sanity checks? */
++	struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
++
++        if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
++                return 0;
++	
++	/* For SMP, we only want to use one set of counters. */
++	q->master = q;
++
++        return 1;
++}
++
++static struct ipt_match quota_match
++    = { {NULL, NULL}, "quota", &match, &checkentry, NULL, THIS_MODULE };
++
++static int __init
++init(void)
++{
++        return ipt_register_match(&quota_match);
++}
++
++static void __exit
++fini(void)
++{
++        ipt_unregister_match(&quota_match);
++}
++
++module_init(init);
++module_exit(fini);
++
-- 
cgit v1.2.3