Index: linux/include/linux/netfilter_ipv4/ipt_quota.h
===================================================================
--- linux/include/linux/netfilter_ipv4/ipt_quota.h	(revision 3598)
+++ linux/include/linux/netfilter_ipv4/ipt_quota.h	(working copy)
@@ -6,6 +6,7 @@
 
 struct ipt_quota_info {
         u_int64_t quota;
+	struct ipt_quota_info *master;
 };
 
 #endif /*_IPT_QUOTA_H*/
Index: linux/net/ipv4/netfilter/ipt_quota.c
===================================================================
--- linux/net/ipv4/netfilter/ipt_quota.c	(revision 3598)
+++ linux/net/ipv4/netfilter/ipt_quota.c	(working copy)
@@ -2,6 +2,8 @@
  * netfilter module to enforce network quotas
  *
  * Sam Johnston <samj@samj.net>
+ *
+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo@eurodev.net>
  */
 #include <linux/module.h>
 #include <linux/skbuff.h>
@@ -22,9 +24,9 @@
       const void *matchinfo,
       int offset, const void *hdr, u_int16_t datalen, int *hotdrop)
 {
+	struct ipt_quota_info *q =
+		((struct ipt_quota_info *) matchinfo)->master;
 
-        struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
-
         spin_lock_bh(&quota_lock);
 
         if (q->quota >= datalen) {
@@ -55,8 +57,13 @@
            void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
 {
         /* TODO: spinlocks? sanity checks? */
+	struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+
         if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
                 return 0;
+	
+	/* For SMP, we only want to use one set of counters. */
+	q->master = q;
 
         return 1;
 }