The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-229.7.2.vz7.9.10 ------> commit 676ce9dbea2376efb7b6e57cb1088691bb59d84f Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> Date: Wed Nov 18 15:59:14 2015 +0400
fence-watchdog: Port: diff-fence-watchdog-arptables-add-ability-to-filter-by-watchdog-timeout-v5 Author: Dmitry Guryanov Email: dgurya...@parallels.com Subject: fence-watchdog/arptables: add ability to filter by watchdog timeout Date: Tue, 19 Nov 2013 12:22:00 +0400 arptable uses fixed structure arpt_arp for passing match parameters. Let's use flags field of that structure to indicate, that we want to match by watchdog timeout. Changes in v5: use last possible bits for ARPT_WDOGTMO and ARPT_INV_WDOGTMO. https://jira.sw.ru/browse/PSBM-23253 Signed-off-by: Dmitry Guryanov <dgurya...@parallels.com> Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> Acked-by: Andrew Vagin <ava...@virtuozzo.com> --- include/uapi/linux/netfilter_arp/arp_tables.h | 7 ++++--- net/ipv4/netfilter/arp_tables.c | 9 +++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/uapi/linux/netfilter_arp/arp_tables.h b/include/uapi/linux/netfilter_arp/arp_tables.h index a5a86a4..cb3aa16 100644 --- a/include/uapi/linux/netfilter_arp/arp_tables.h +++ b/include/uapi/linux/netfilter_arp/arp_tables.h @@ -71,9 +71,9 @@ struct arpt_arp { }; /* Values for "flag" field in struct arpt_ip (general arp structure). - * No flags defined yet. */ -#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */ +#define ARPT_WDOGTMO 0x80 +#define ARPT_F_MASK 0x80 /* All possible flag bits mask. */ /* Values for "inv" field in struct arpt_arp. */ #define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */ @@ -86,7 +86,8 @@ struct arpt_arp { #define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */ #define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */ #define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */ -#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */ +#define ARPT_INV_WDOGTMO 0x8000 /* Invert the sense if ARPT_WDOGTMO flag */ +#define ARPT_INV_MASK 0x83FF /* All possible flag bits mask. */ /* This structure defines each of the firewall rules. Consists of 3 parts which are 1) general ARP header stuff 2) match specific diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index f95b6f9..83369df 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -25,6 +25,7 @@ #include <net/compat.h> #include <net/sock.h> #include <asm/uaccess.h> +#include <linux/fence-watchdog.h> #include <linux/netfilter/x_tables.h> #include <linux/netfilter_arp/arp_tables.h> @@ -112,6 +113,14 @@ static inline int arp_packet_match(const struct arphdr *arphdr, #define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg))) +#ifdef CONFIG_FENCE_WATCHDOG + if (FWINV((arpinfo->flags & ARPT_WDOGTMO) && !fence_wdog_tmo_match(), + ARPT_INV_WDOGTMO)) { + dprintf("Watchdog timeout mismatch.\n"); + return 0; + } +#endif + if (FWINV((arphdr->ar_op & arpinfo->arpop_mask) != arpinfo->arpop, ARPT_INV_ARPOP)) { dprintf("ARP operation field mismatch.\n"); _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel