1 /* 2 * Shared library add-on to iptables to add quota support 3 * 4 * Sam Johnston <samj (at) samj.net> 5 */ 6 #include <stdio.h> 7 #include <xtables.h> 8 #include <linux/netfilter/xt_quota.h> 9 10 enum { 11 O_QUOTA = 0, 12 }; 13 14 static const struct xt_option_entry quota_opts[] = { 15 {.name = "quota", .id = O_QUOTA, .type = XTTYPE_UINT64, 16 .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT, 17 XTOPT_POINTER(struct xt_quota_info, quota)}, 18 XTOPT_TABLEEND, 19 }; 20 21 static void quota_help(void) 22 { 23 printf("quota match options:\n" 24 "[!] --quota quota quota (bytes)\n"); 25 } 26 27 static void 28 quota_print(const void *ip, const struct xt_entry_match *match, int numeric) 29 { 30 const struct xt_quota_info *q = (const void *)match->data; 31 printf(" quota: %llu bytes", (unsigned long long)q->quota); 32 } 33 34 static void 35 quota_save(const void *ip, const struct xt_entry_match *match) 36 { 37 const struct xt_quota_info *q = (const void *)match->data; 38 39 if (q->flags & XT_QUOTA_INVERT) 40 printf("! "); 41 printf(" --quota %llu", (unsigned long long) q->quota); 42 } 43 44 static void quota_parse(struct xt_option_call *cb) 45 { 46 struct xt_quota_info *info = cb->data; 47 48 xtables_option_parse(cb); 49 if (cb->invert) 50 info->flags |= XT_QUOTA_INVERT; 51 info->quota = cb->val.u64; 52 } 53 54 static struct xtables_match quota_match = { 55 .family = NFPROTO_UNSPEC, 56 .name = "quota", 57 .version = XTABLES_VERSION, 58 .size = XT_ALIGN(sizeof (struct xt_quota_info)), 59 .userspacesize = offsetof(struct xt_quota_info, master), 60 .help = quota_help, 61 .print = quota_print, 62 .save = quota_save, 63 .x6_parse = quota_parse, 64 .x6_options = quota_opts, 65 }; 66 67 void 68 _init(void) 69 { 70 xtables_register_match("a_match); 71 } 72
