[netfilter-cvslog] r4024 - in trunk/patch-o-matic-ng/patchlets/time/linux-2.6: include/linux/netfilter_ipv4 net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Mon Jun 27 12:52:12 CEST 2005


Author: laforge at netfilter.org
Date: 2005-06-27 12:52:11 +0200 (Mon, 27 Jun 2005)
New Revision: 4024

Modified:
   trunk/patch-o-matic-ng/patchlets/time/linux-2.6/include/linux/netfilter_ipv4/ipt_time.h
   trunk/patch-o-matic-ng/patchlets/time/linux-2.6/net/ipv4/netfilter/ipt_time.c
Log:
This patch fixes time match when skb->stamp.tv_sec is 0 (Krzysztof Oledzki <olenf at ans.pl>)


Modified: trunk/patch-o-matic-ng/patchlets/time/linux-2.6/include/linux/netfilter_ipv4/ipt_time.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/time/linux-2.6/include/linux/netfilter_ipv4/ipt_time.h	2005-06-27 09:18:41 UTC (rev 4023)
+++ trunk/patch-o-matic-ng/patchlets/time/linux-2.6/include/linux/netfilter_ipv4/ipt_time.h	2005-06-27 10:52:11 UTC (rev 4024)
@@ -6,7 +6,10 @@
 	u_int8_t  days_match;   /* 1 bit per day. -SMTWTFS                      */
 	u_int16_t time_start;   /* 0 < time_start < 23*60+59 = 1439             */
 	u_int16_t time_stop;    /* 0:0 < time_stat < 23:59                      */
+
+				/* FIXME: Keep this one for userspace iptables binary compability: */
 	u_int8_t  kerneltime;   /* ignore skb time (and use kerneltime) or not. */
+
 	time_t    date_start;
 	time_t    date_stop;
 };

Modified: trunk/patch-o-matic-ng/patchlets/time/linux-2.6/net/ipv4/netfilter/ipt_time.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/time/linux-2.6/net/ipv4/netfilter/ipt_time.c	2005-06-27 09:18:41 UTC (rev 4023)
+++ trunk/patch-o-matic-ng/patchlets/time/linux-2.6/net/ipv4/netfilter/ipt_time.c	2005-06-27 10:52:11 UTC (rev 4024)
@@ -54,24 +54,17 @@
 	struct tm currenttime;                          /* time human readable */
 	u_int8_t days_of_week[7] = {64, 32, 16, 8, 4, 2, 1};
 	u_int16_t packet_time;
-	struct timeval kerneltimeval;
-	time_t packet_local_time;
 
-	/* if kerneltime=1, we don't read the skb->timestamp but kernel time instead */
-	if (info->kerneltime)
-	{
-		do_gettimeofday(&kerneltimeval);
-		packet_local_time = kerneltimeval.tv_sec;
-	}
-	else
-		packet_local_time = skb->stamp.tv_sec;
+	/* We might not have a timestamp, get one */
+	if (skb->stamp.tv_sec == 0)
+		do_gettimeofday((struct timeval *)&skb->stamp);
 
 	/* First we make sure we are in the date start-stop boundaries */
-	if ((packet_local_time < info->date_start) || (packet_local_time > info->date_stop))
+	if ((skb->stamp.tv_sec < info->date_start) || (skb->stamp.tv_sec > info->date_stop))
 		return 0; /* We are outside the date boundaries */
 
 	/* Transform the timestamp of the packet, in a human readable form */
-	localtime(&packet_local_time, &currenttime);
+	localtime(&skb->stamp.tv_sec, &currenttime);
 
 	/* check if we match this timestamp, we start by the days... */
 	if ((days_of_week[currenttime.tm_wday] & info->days_match) != days_of_week[currenttime.tm_wday])
@@ -102,11 +95,6 @@
 		printk("ipt_time: error, only valid for PRE_ROUTING, LOCAL_IN, FORWARD and OUTPUT)\n");
 		return 0;
 	}
-	/* we use the kerneltime if we are in forward or output */
-	info->kerneltime = 1;
-	if (hook_mask & ~((1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT))) 
-		/* we use the skb time */
-		info->kerneltime = 0;
 
 	/* Check the size */
 	if (matchsize != IPT_ALIGN(sizeof(struct ipt_time_info)))




More information about the netfilter-cvslog mailing list