Re: [PATCH 4/4] netfilter: xtables: inclusion of xt_SYSRQ

On Wed, Jul 11, 2012 at 01:52:30AM +0200, Jan Engelhardt wrote:
> The SYSRQ target will allow to remotely invoke sysrq on the local
> machine. Authentication is by means of a pre-shared key that can
> either be transmitted plaintext or digest-secured.
> 
> Signed-off-by: Jan Engelhardt <jengelh@xxxxxxx>
> ---
>  net/netfilter/Kconfig    |   12 ++
>  net/netfilter/Makefile   |    1 +
>  net/netfilter/xt_SYSRQ.c |  361 ++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 374 insertions(+), 0 deletions(-)
>  create mode 100644 net/netfilter/xt_SYSRQ.c
> 
> diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
> index c19b214..fbe8e40 100644
> --- a/net/netfilter/Kconfig
> +++ b/net/netfilter/Kconfig
> @@ -644,6 +644,18 @@ config NETFILTER_XT_TARGET_RATEEST
>  
>  	  To compile it as a module, choose M here.  If unsure, say N.
>  
> +config NETFILTER_XT_TARGET_SYSRQ
> +	tristate '"SYSRQ" - remote sysrq invocation'
> +	depends on NETFILTER_ADVANCED
> +	---help---
> +	This option enables the "SYSRQ" target which can be used to trigger
> +	sysrq from a remote machine using a magic UDP packet with a pre-shared
> +	password. This is useful when the receiving host has locked up in an
> +	Oops yet still can process incoming packets.
> +
> +	Besides plaintext packets, digest-secured SYSRQ requests will be
> +	supported when CONFIG_CRYPTO is enabled.
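
Review bot: The help text of NETFILTER_XT_TARGET_SYSRQ mentions the plaintext password mode without saying what it costs, and leaves the CONFIG_CRYPTO relationship in prose only. A pre-shared password carried in a plaintext UDP packet can be read and replayed by anyone who can observe the traffic, and what it gates here is sysrq, so the help should state that and recommend the digest-secured mode. Consider expressing the CONFIG_CRYPTO relationship in Kconfig itself (a select or a separate sub-option) so that a build without CONFIG_CRYPTO does not silently end up plaintext-only. The entry also lacks the "If unsure, say N." line that the neighbouring entry carries.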

I guess this is useful for users, e.g. you can reboot your crashed
system from your office in the case of cheap commodity hardware without
remote management tools (e.g. HP's iLO or Dell's iDRAC).

Still, I think that including this in Netfilter is a bit of abuse
since this is out of the scope of providing some firewalling feature.

People willing to use this should be able to use it without requiring
Netfilter at all.

If you have interest in pushing this into mainline, I think this
deserves to be generalized and included somewhere into the networking
tree and provide some genetlink interface to configure it.