The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.9.10
------>
commit 676ce9dbea2376efb7b6e57cb1088691bb59d84f
Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
Date: Wed Nov 18 15:59:14 2015 +0400
fence-watchdog: Port:
diff-fence-watchdog-arptables-add-ability-to-filter-by-watchdog-timeout-v5
Author: Dmitry Guryanov
Email: dgurya...@parallels.com
Subject: fence-watchdog/arptables: add ability to filter by watchdog
timeout
Date: Tue, 19 Nov 2013 12:22:00 +0400
arptable uses fixed structure arpt_arp for passing match
parameters. Let's use flags field of that structure to
indicate, that we want to match by watchdog timeout.
Changes in v5:
use last possible bits for ARPT_WDOGTMO and ARPT_INV_WDOGTMO.
https://jira.sw.ru/browse/PSBM-23253
Signed-off-by: Dmitry Guryanov <dgurya...@parallels.com>
Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
Acked-by: Andrew Vagin <ava...@virtuozzo.com>
---
include/uapi/linux/netfilter_arp/arp_tables.h | 7 ++++---
net/ipv4/netfilter/arp_tables.c | 9 +++++++++
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/include/uapi/linux/netfilter_arp/arp_tables.h
b/include/uapi/linux/netfilter_arp/arp_tables.h
index a5a86a4..cb3aa16 100644
--- a/include/uapi/linux/netfilter_arp/arp_tables.h
+++ b/include/uapi/linux/netfilter_arp/arp_tables.h
@@ -71,9 +71,9 @@ struct arpt_arp {
};
/* Values for "flag" field in struct arpt_ip (general arp structure).
- * No flags defined yet.
*/
-#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
+#define ARPT_WDOGTMO 0x80
+#define ARPT_F_MASK 0x80 /* All possible flag bits mask. */
/* Values for "inv" field in struct arpt_arp. */
#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN
IFACE. */
@@ -86,7 +86,8 @@ struct arpt_arp {
#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD.
*/
#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO.
*/
#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN.
*/
-#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
+#define ARPT_INV_WDOGTMO 0x8000 /* Invert the sense if ARPT_WDOGTMO
flag */
+#define ARPT_INV_MASK 0x83FF /* All possible flag bits mask. */
/* This structure defines each of the firewall rules. Consists of 3
parts which are 1) general ARP header stuff 2) match specific
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index f95b6f9..83369df 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -25,6 +25,7 @@
#include <net/compat.h>
#include <net/sock.h>
#include <asm/uaccess.h>
+#include <linux/fence-watchdog.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_arp/arp_tables.h>
@@ -112,6 +113,14 @@ static inline int arp_packet_match(const struct arphdr
*arphdr,
#define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg)))
+#ifdef CONFIG_FENCE_WATCHDOG
+ if (FWINV((arpinfo->flags & ARPT_WDOGTMO) && !fence_wdog_tmo_match(),
+ ARPT_INV_WDOGTMO)) {
+ dprintf("Watchdog timeout mismatch.\n");
+ return 0;
+ }
+#endif
+
if (FWINV((arphdr->ar_op & arpinfo->arpop_mask) != arpinfo->arpop,
ARPT_INV_ARPOP)) {
dprintf("ARP operation field mismatch.\n");
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
