As far as I can tell, there's no linux tool which can report how much bandwidth a user has used. If you run a co-located machine and pay for bandwidth usage, you really want to know what users have been shipping files around. Granted, most daemons can log network usage (bytes xfer'd), but most clients do not.
To allow an admin to log network usage, it seemed necessary to patch the kernel to log whenever a user reads from or writes to the network. Basically, sys_read() and sys_write() just need to have a hook to printk() the uid, direction, and bytecount on the reads/writes if the file descriptor is an AF_INET socket. And that's what this patch does.
Once the patched kernel is running, use syslog-ng to send kernel log lines matching "USER PACKET LOG" to a script that just stores the passed uid and bytecount information for bandwidth charges at the end of the billing cycle.