Commit | Line | Data |
---|---|---|
ee4411a1 JE |
1 | /* |
2 | * xt_time | |
ba5dc275 JE |
3 | * Copyright © CC Computer Consultants GmbH, 2007 |
4 | * Contact: <jengelh@computergmbh.de> | |
ee4411a1 JE |
5 | * |
6 | * based on ipt_time by Fabrice MARIE <fabrice@netfilter.org> | |
7 | * This is a module which is used for time matching | |
8 | * It is using some modified code from dietlibc (localtime() function) | |
9 | * that you can find at http://www.fefe.de/dietlibc/ | |
10 | * This file is distributed under the terms of the GNU General Public | |
11 | * License (GPL). Copies of the GPL can be obtained from gnu.org/gpl. | |
12 | */ | |
13 | #include <linux/ktime.h> | |
14 | #include <linux/module.h> | |
15 | #include <linux/skbuff.h> | |
16 | #include <linux/types.h> | |
17 | #include <linux/netfilter/x_tables.h> | |
18 | #include <linux/netfilter/xt_time.h> | |
19 | ||
20 | struct xtm { | |
21 | u_int8_t month; /* (1-12) */ | |
22 | u_int8_t monthday; /* (1-31) */ | |
23 | u_int8_t weekday; /* (1-7) */ | |
24 | u_int8_t hour; /* (0-23) */ | |
25 | u_int8_t minute; /* (0-59) */ | |
26 | u_int8_t second; /* (0-59) */ | |
27 | unsigned int dse; | |
28 | }; | |
29 | ||
30 | extern struct timezone sys_tz; /* ouch */ | |
31 | ||
32 | static const u_int16_t days_since_year[] = { | |
33 | 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, | |
34 | }; | |
35 | ||
36 | static const u_int16_t days_since_leapyear[] = { | |
37 | 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, | |
38 | }; | |
39 | ||
40 | /* | |
41 | * Since time progresses forward, it is best to organize this array in reverse, | |
42 | * to minimize lookup time. | |
43 | */ | |
44 | enum { | |
45 | DSE_FIRST = 2039, | |
46 | }; | |
47 | static const u_int16_t days_since_epoch[] = { | |
48 | /* 2039 - 2030 */ | |
49 | 25202, 24837, 24472, 24106, 23741, 23376, 23011, 22645, 22280, 21915, | |
50 | /* 2029 - 2020 */ | |
51 | 21550, 21184, 20819, 20454, 20089, 19723, 19358, 18993, 18628, 18262, | |
52 | /* 2019 - 2010 */ | |
53 | 17897, 17532, 17167, 16801, 16436, 16071, 15706, 15340, 14975, 14610, | |
54 | /* 2009 - 2000 */ | |
55 | 14245, 13879, 13514, 13149, 12784, 12418, 12053, 11688, 11323, 10957, | |
56 | /* 1999 - 1990 */ | |
57 | 10592, 10227, 9862, 9496, 9131, 8766, 8401, 8035, 7670, 7305, | |
58 | /* 1989 - 1980 */ | |
59 | 6940, 6574, 6209, 5844, 5479, 5113, 4748, 4383, 4018, 3652, | |
60 | /* 1979 - 1970 */ | |
61 | 3287, 2922, 2557, 2191, 1826, 1461, 1096, 730, 365, 0, | |
62 | }; | |
63 | ||
64 | static inline bool is_leap(unsigned int y) | |
65 | { | |
66 | return y % 4 == 0 && (y % 100 != 0 || y % 400 == 0); | |
67 | } | |
68 | ||
69 | /* | |
70 | * Each network packet has a (nano)seconds-since-the-epoch (SSTE) timestamp. | |
71 | * Since we match against days and daytime, the SSTE value needs to be | |
72 | * computed back into human-readable dates. | |
73 | * | |
74 | * This is done in three separate functions so that the most expensive | |
75 | * calculations are done last, in case a "simple match" can be found earlier. | |
76 | */ | |
77 | static inline unsigned int localtime_1(struct xtm *r, time_t time) | |
78 | { | |
79 | unsigned int v, w; | |
80 | ||
81 | /* Each day has 86400s, so finding the hour/minute is actually easy. */ | |
82 | v = time % 86400; | |
83 | r->second = v % 60; | |
84 | w = v / 60; | |
85 | r->minute = w % 60; | |
86 | r->hour = w / 60; | |
87 | return v; | |
88 | } | |
89 | ||
90 | static inline void localtime_2(struct xtm *r, time_t time) | |
91 | { | |
92 | /* | |
93 | * Here comes the rest (weekday, monthday). First, divide the SSTE | |
94 | * by seconds-per-day to get the number of _days_ since the epoch. | |
95 | */ | |
96 | r->dse = time / 86400; | |
97 | ||
4f4c9430 JE |
98 | /* |
99 | * 1970-01-01 (w=0) was a Thursday (4). | |
100 | * -1 and +1 map Sunday properly onto 7. | |
101 | */ | |
102 | r->weekday = (4 + r->dse - 1) % 7 + 1; | |
ee4411a1 JE |
103 | } |
104 | ||
105 | static void localtime_3(struct xtm *r, time_t time) | |
106 | { | |
107 | unsigned int year, i, w = r->dse; | |
108 | ||
109 | /* | |
110 | * In each year, a certain number of days-since-the-epoch have passed. | |
111 | * Find the year that is closest to said days. | |
112 | * | |
113 | * Consider, for example, w=21612 (2029-03-04). Loop will abort on | |
114 | * dse[i] <= w, which happens when dse[i] == 21550. This implies | |
115 | * year == 2009. w will then be 62. | |
116 | */ | |
117 | for (i = 0, year = DSE_FIRST; days_since_epoch[i] > w; | |
118 | ++i, --year) | |
119 | /* just loop */; | |
120 | ||
121 | w -= days_since_epoch[i]; | |
122 | ||
123 | /* | |
124 | * By now we have the current year, and the day of the year. | |
125 | * r->yearday = w; | |
126 | * | |
127 | * On to finding the month (like above). In each month, a certain | |
128 | * number of days-since-New Year have passed, and find the closest | |
129 | * one. | |
130 | * | |
131 | * Consider w=62 (in a non-leap year). Loop will abort on | |
132 | * dsy[i] < w, which happens when dsy[i] == 31+28 (i == 2). | |
133 | * Concludes i == 2, i.e. 3rd month => March. | |
134 | * | |
135 | * (A different approach to use would be to subtract a monthlength | |
136 | * from w repeatedly while counting.) | |
137 | */ | |
138 | if (is_leap(year)) { | |
2cdc5575 | 139 | /* use days_since_leapyear[] in a leap year */ |
ee4411a1 | 140 | for (i = ARRAY_SIZE(days_since_leapyear) - 1; |
2cdc5575 | 141 | i > 0 && days_since_leapyear[i] > w; --i) |
ee4411a1 | 142 | /* just loop */; |
2cdc5575 | 143 | r->monthday = w - days_since_leapyear[i] + 1; |
ee4411a1 JE |
144 | } else { |
145 | for (i = ARRAY_SIZE(days_since_year) - 1; | |
146 | i > 0 && days_since_year[i] > w; --i) | |
147 | /* just loop */; | |
2cdc5575 | 148 | r->monthday = w - days_since_year[i] + 1; |
ee4411a1 JE |
149 | } |
150 | ||
151 | r->month = i + 1; | |
ee4411a1 JE |
152 | return; |
153 | } | |
154 | ||
d3c5ee6d | 155 | static bool |
f7108a20 | 156 | time_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
ee4411a1 | 157 | { |
f7108a20 | 158 | const struct xt_time_info *info = par->matchinfo; |
ee4411a1 JE |
159 | unsigned int packet_time; |
160 | struct xtm current_time; | |
161 | s64 stamp; | |
162 | ||
163 | /* | |
164 | * We cannot use get_seconds() instead of __net_timestamp() here. | |
165 | * Suppose you have two rules: | |
166 | * 1. match before 13:00 | |
167 | * 2. match after 13:00 | |
168 | * If you match against processing time (get_seconds) it | |
169 | * may happen that the same packet matches both rules if | |
170 | * it arrived at the right moment before 13:00. | |
171 | */ | |
172 | if (skb->tstamp.tv64 == 0) | |
173 | __net_timestamp((struct sk_buff *)skb); | |
174 | ||
53756524 | 175 | stamp = ktime_to_ns(skb->tstamp); |
280763c0 | 176 | stamp = div_s64(stamp, NSEC_PER_SEC); |
ee4411a1 JE |
177 | |
178 | if (info->flags & XT_TIME_LOCAL_TZ) | |
179 | /* Adjust for local timezone */ | |
180 | stamp -= 60 * sys_tz.tz_minuteswest; | |
181 | ||
182 | /* | |
183 | * xt_time will match when _all_ of the following hold: | |
184 | * - 'now' is in the global time range date_start..date_end | |
185 | * - 'now' is in the monthday mask | |
186 | * - 'now' is in the weekday mask | |
187 | * - 'now' is in the daytime range time_start..time_end | |
188 | * (and by default, libxt_time will set these so as to match) | |
189 | */ | |
190 | ||
191 | if (stamp < info->date_start || stamp > info->date_stop) | |
192 | return false; | |
193 | ||
194 | packet_time = localtime_1(¤t_time, stamp); | |
195 | ||
196 | if (info->daytime_start < info->daytime_stop) { | |
197 | if (packet_time < info->daytime_start || | |
198 | packet_time > info->daytime_stop) | |
199 | return false; | |
200 | } else { | |
201 | if (packet_time < info->daytime_start && | |
202 | packet_time > info->daytime_stop) | |
203 | return false; | |
204 | } | |
205 | ||
206 | localtime_2(¤t_time, stamp); | |
207 | ||
208 | if (!(info->weekdays_match & (1 << current_time.weekday))) | |
209 | return false; | |
210 | ||
211 | /* Do not spend time computing monthday if all days match anyway */ | |
212 | if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) { | |
213 | localtime_3(¤t_time, stamp); | |
214 | if (!(info->monthdays_match & (1 << current_time.monthday))) | |
215 | return false; | |
216 | } | |
217 | ||
218 | return true; | |
219 | } | |
220 | ||
9b4fce7a | 221 | static bool time_mt_check(const struct xt_mtchk_param *par) |
ee4411a1 | 222 | { |
9b4fce7a | 223 | const struct xt_time_info *info = par->matchinfo; |
ee4411a1 JE |
224 | |
225 | if (info->daytime_start > XT_TIME_MAX_DAYTIME || | |
226 | info->daytime_stop > XT_TIME_MAX_DAYTIME) { | |
227 | printk(KERN_WARNING "xt_time: invalid argument - start or " | |
228 | "stop time greater than 23:59:59\n"); | |
229 | return false; | |
230 | } | |
231 | ||
232 | return true; | |
233 | } | |
234 | ||
55b69e91 JE |
235 | static struct xt_match xt_time_mt_reg __read_mostly = { |
236 | .name = "time", | |
237 | .family = NFPROTO_UNSPEC, | |
238 | .match = time_mt, | |
239 | .checkentry = time_mt_check, | |
240 | .matchsize = sizeof(struct xt_time_info), | |
241 | .me = THIS_MODULE, | |
ee4411a1 JE |
242 | }; |
243 | ||
d3c5ee6d | 244 | static int __init time_mt_init(void) |
ee4411a1 | 245 | { |
e6210f3b JE |
246 | int minutes = sys_tz.tz_minuteswest; |
247 | ||
248 | if (minutes < 0) /* east of Greenwich */ | |
249 | printk(KERN_INFO KBUILD_MODNAME | |
250 | ": kernel timezone is +%02d%02d\n", | |
251 | -minutes / 60, -minutes % 60); | |
252 | else /* west of Greenwich */ | |
253 | printk(KERN_INFO KBUILD_MODNAME | |
254 | ": kernel timezone is -%02d%02d\n", | |
255 | minutes / 60, minutes % 60); | |
256 | ||
55b69e91 | 257 | return xt_register_match(&xt_time_mt_reg); |
ee4411a1 JE |
258 | } |
259 | ||
d3c5ee6d | 260 | static void __exit time_mt_exit(void) |
ee4411a1 | 261 | { |
55b69e91 | 262 | xt_unregister_match(&xt_time_mt_reg); |
ee4411a1 JE |
263 | } |
264 | ||
d3c5ee6d JE |
265 | module_init(time_mt_init); |
266 | module_exit(time_mt_exit); | |
ee4411a1 | 267 | MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>"); |
2ae15b64 | 268 | MODULE_DESCRIPTION("Xtables: time-based matching"); |
ee4411a1 JE |
269 | MODULE_LICENSE("GPL"); |
270 | MODULE_ALIAS("ipt_time"); | |
271 | MODULE_ALIAS("ip6t_time"); |