new REBOOT target

[Wang Jian <lark@linux.net.cn>]

[-- Attachment #1: Type: text/plain, Size: 1711 bytes --]

Hi,

For my own purpose, I write a REBOOT target to remotely reboot a linux
box using specially crafted ICMP packet.

One of my servers has symptom that httpd locks machine:

1. console is locked, not usable;
2. network seems to be good, ICMP echo/reply is ok; tcp connection can
   be established on open ports, but userspace server programs seem to
   be out of luck;
3. if keep it as it for quite a long time, network dies but console
   works again;

The server is hosted in a remote small data center, and it is not
possible to get there everytime it is locked.

That is the scenario this REBOOT target fits. I am interested in other
usage if someone else can find. I post it here in case it is also useful
for others.

Usage: 

# iptables -I INPUT -p icmp -j REBOOT --passphrase pass [--offset offset]
[--hard (0|1)]

A perl script is used to send special ICMP packet.


All files are in attached tarball.

Some notes on the source code:

1. There are hardcode paths in Makefile, so some modification is needed
   to compile;
2. The code is for iptables 1.2.9;
3. --passphrase is mandatory. There is string matching functionality in
   ipt_string, however ipt_string is not standard module, and missing in
   many distributions' kernel. So I write my own matching code. If
   ipt_string becomes standard, then this parameter can be eliminated along
   with --offset.
4. reboot code is ugly. I want it to support a more safe reboot, such as
   sync() then sys_reboot(), but sys_reboot() need a userspace pointer,
   cannot be called directly from kernel.
5. There is a reserved 'count' which can be used to do
   trigger-n-times-then-do-it control.

Any feedback and suggestion is welcome :)



-- 
  lark

[-- Attachment #2: nfreboot-0.1.tar.gz --]
[-- Type: application/octet-stream, Size: 3809 bytes --]