Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
xt_quota.c
Go to the documentation of this file.
1 /*
2  * netfilter module to enforce network quotas
3  *
4  * Sam Johnston <[email protected]>
5  */
6 #include <linux/skbuff.h>
7 #include <linux/slab.h>
8 #include <linux/spinlock.h>
9 
10 #include <linux/netfilter/x_tables.h>
11 #include <linux/netfilter/xt_quota.h>
12 #include <linux/module.h>
13 
14 struct xt_quota_priv {
15  spinlock_t lock;
16  uint64_t quota;
17 };
18 
19 MODULE_LICENSE("GPL");
20 MODULE_AUTHOR("Sam Johnston <[email protected]>");
21 MODULE_DESCRIPTION("Xtables: countdown quota match");
22 MODULE_ALIAS("ipt_quota");
23 MODULE_ALIAS("ip6t_quota");
24 
25 static bool
26 quota_mt(const struct sk_buff *skb, struct xt_action_param *par)
27 {
28  struct xt_quota_info *q = (void *)par->matchinfo;
29  struct xt_quota_priv *priv = q->master;
30  bool ret = q->flags & XT_QUOTA_INVERT;
31 
32  spin_lock_bh(&priv->lock);
33  if (priv->quota >= skb->len) {
34  priv->quota -= skb->len;
35  ret = !ret;
36  } else {
37  /* we do not allow even small packets from now on */
38  priv->quota = 0;
39  }
40  spin_unlock_bh(&priv->lock);
41 
42  return ret;
43 }
44 
45 static int quota_mt_check(const struct xt_mtchk_param *par)
46 {
47  struct xt_quota_info *q = par->matchinfo;
48 
49  if (q->flags & ~XT_QUOTA_MASK)
50  return -EINVAL;
51 
52  q->master = kmalloc(sizeof(*q->master), GFP_KERNEL);
53  if (q->master == NULL)
54  return -ENOMEM;
55 
56  spin_lock_init(&q->master->lock);
57  q->master->quota = q->quota;
58  return 0;
59 }
60 
61 static void quota_mt_destroy(const struct xt_mtdtor_param *par)
62 {
63  const struct xt_quota_info *q = par->matchinfo;
64 
65  kfree(q->master);
66 }
67 
68 static struct xt_match quota_mt_reg __read_mostly = {
69  .name = "quota",
70  .revision = 0,
71  .family = NFPROTO_UNSPEC,
72  .match = quota_mt,
73  .checkentry = quota_mt_check,
74  .destroy = quota_mt_destroy,
75  .matchsize = sizeof(struct xt_quota_info),
76  .me = THIS_MODULE,
77 };
78 
79 static int __init quota_mt_init(void)
80 {
81  return xt_register_match(&quota_mt_reg);
82 }
83 
84 static void __exit quota_mt_exit(void)
85 {
86  xt_unregister_match(&quota_mt_reg);
87 }
88 
89 module_init(quota_mt_init);
90 module_exit(quota_mt_exit);
Generated on Thu Jan 10 2013 15:00:57 for Linux Kernel by   doxygen 1.8.2