1/* 2 * Shared library add-on to iptables to add quota support 3 * 4 * Sam Johnston <samj@samj.net> 5 */ 6#include <stdio.h> 7#include <xtables.h> 8#include <linux/netfilter/xt_quota.h> 9 10enum { 11 O_QUOTA = 0, 12}; 13 14static const struct xt_option_entry quota_opts[] = { 15 {.name = "quota", .id = O_QUOTA, .type = XTTYPE_UINT64, 16 .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT, 17 XTOPT_POINTER(struct xt_quota_info, quota)}, 18 XTOPT_TABLEEND, 19}; 20 21static void quota_help(void) 22{ 23 printf("quota match options:\n" 24 "[!] --quota quota quota (bytes)\n"); 25} 26 27static void 28quota_print(const void *ip, const struct xt_entry_match *match, int numeric) 29{ 30 const struct xt_quota_info *q = (const void *)match->data; 31 printf(" quota: %llu bytes", (unsigned long long)q->quota); 32} 33 34static void 35quota_save(const void *ip, const struct xt_entry_match *match) 36{ 37 const struct xt_quota_info *q = (const void *)match->data; 38 39 if (q->flags & XT_QUOTA_INVERT) 40 printf("! "); 41 printf(" --quota %llu", (unsigned long long) q->quota); 42} 43 44static void quota_parse(struct xt_option_call *cb) 45{ 46 struct xt_quota_info *info = cb->data; 47 48 xtables_option_parse(cb); 49 if (cb->invert) 50 info->flags |= XT_QUOTA_INVERT; 51 info->quota = cb->val.u64; 52} 53 54static struct xtables_match quota_match = { 55 .family = NFPROTO_UNSPEC, 56 .name = "quota", 57 .version = XTABLES_VERSION, 58 .size = XT_ALIGN(sizeof (struct xt_quota_info)), 59 .userspacesize = offsetof(struct xt_quota_info, master), 60 .help = quota_help, 61 .print = quota_print, 62 .save = quota_save, 63 .x6_parse = quota_parse, 64 .x6_options = quota_opts, 65}; 66 67void 68_init(void) 69{ 70 xtables_register_match("a_match); 71} 72