Commit | Line | Data |
---|---|---|
ee4411a1 JE |
1 | /* |
2 | * xt_time | |
ba5dc275 | 3 | * Copyright © CC Computer Consultants GmbH, 2007 |
ee4411a1 JE |
4 | * |
5 | * based on ipt_time by Fabrice MARIE <fabrice@netfilter.org> | |
6 | * This is a module which is used for time matching | |
7 | * It is using some modified code from dietlibc (localtime() function) | |
8 | * that you can find at http://www.fefe.de/dietlibc/ | |
9 | * This file is distributed under the terms of the GNU General Public | |
10 | * License (GPL). Copies of the GPL can be obtained from gnu.org/gpl. | |
11 | */ | |
12 | #include <linux/ktime.h> | |
13 | #include <linux/module.h> | |
14 | #include <linux/skbuff.h> | |
15 | #include <linux/types.h> | |
16 | #include <linux/netfilter/x_tables.h> | |
17 | #include <linux/netfilter/xt_time.h> | |
18 | ||
19 | struct xtm { | |
20 | u_int8_t month; /* (1-12) */ | |
21 | u_int8_t monthday; /* (1-31) */ | |
22 | u_int8_t weekday; /* (1-7) */ | |
23 | u_int8_t hour; /* (0-23) */ | |
24 | u_int8_t minute; /* (0-59) */ | |
25 | u_int8_t second; /* (0-59) */ | |
26 | unsigned int dse; | |
27 | }; | |
28 | ||
29 | extern struct timezone sys_tz; /* ouch */ | |
30 | ||
31 | static const u_int16_t days_since_year[] = { | |
32 | 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, | |
33 | }; | |
34 | ||
35 | static const u_int16_t days_since_leapyear[] = { | |
36 | 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, | |
37 | }; | |
38 | ||
39 | /* | |
40 | * Since time progresses forward, it is best to organize this array in reverse, | |
41 | * to minimize lookup time. | |
42 | */ | |
43 | enum { | |
44 | DSE_FIRST = 2039, | |
54eb3df3 | 45 | SECONDS_PER_DAY = 86400, |
ee4411a1 JE |
46 | }; |
47 | static const u_int16_t days_since_epoch[] = { | |
48 | /* 2039 - 2030 */ | |
49 | 25202, 24837, 24472, 24106, 23741, 23376, 23011, 22645, 22280, 21915, | |
50 | /* 2029 - 2020 */ | |
51 | 21550, 21184, 20819, 20454, 20089, 19723, 19358, 18993, 18628, 18262, | |
52 | /* 2019 - 2010 */ | |
53 | 17897, 17532, 17167, 16801, 16436, 16071, 15706, 15340, 14975, 14610, | |
54 | /* 2009 - 2000 */ | |
55 | 14245, 13879, 13514, 13149, 12784, 12418, 12053, 11688, 11323, 10957, | |
56 | /* 1999 - 1990 */ | |
57 | 10592, 10227, 9862, 9496, 9131, 8766, 8401, 8035, 7670, 7305, | |
58 | /* 1989 - 1980 */ | |
59 | 6940, 6574, 6209, 5844, 5479, 5113, 4748, 4383, 4018, 3652, | |
60 | /* 1979 - 1970 */ | |
61 | 3287, 2922, 2557, 2191, 1826, 1461, 1096, 730, 365, 0, | |
62 | }; | |
63 | ||
64 | static inline bool is_leap(unsigned int y) | |
65 | { | |
66 | return y % 4 == 0 && (y % 100 != 0 || y % 400 == 0); | |
67 | } | |
68 | ||
69 | /* | |
70 | * Each network packet has a (nano)seconds-since-the-epoch (SSTE) timestamp. | |
71 | * Since we match against days and daytime, the SSTE value needs to be | |
72 | * computed back into human-readable dates. | |
73 | * | |
74 | * This is done in three separate functions so that the most expensive | |
75 | * calculations are done last, in case a "simple match" can be found earlier. | |
76 | */ | |
77 | static inline unsigned int localtime_1(struct xtm *r, time_t time) | |
78 | { | |
79 | unsigned int v, w; | |
80 | ||
81 | /* Each day has 86400s, so finding the hour/minute is actually easy. */ | |
54eb3df3 | 82 | v = time % SECONDS_PER_DAY; |
ee4411a1 JE |
83 | r->second = v % 60; |
84 | w = v / 60; | |
85 | r->minute = w % 60; | |
86 | r->hour = w / 60; | |
87 | return v; | |
88 | } | |
89 | ||
90 | static inline void localtime_2(struct xtm *r, time_t time) | |
91 | { | |
92 | /* | |
93 | * Here comes the rest (weekday, monthday). First, divide the SSTE | |
94 | * by seconds-per-day to get the number of _days_ since the epoch. | |
95 | */ | |
96 | r->dse = time / 86400; | |
97 | ||
4f4c9430 JE |
98 | /* |
99 | * 1970-01-01 (w=0) was a Thursday (4). | |
100 | * -1 and +1 map Sunday properly onto 7. | |
101 | */ | |
102 | r->weekday = (4 + r->dse - 1) % 7 + 1; | |
ee4411a1 JE |
103 | } |
104 | ||
105 | static void localtime_3(struct xtm *r, time_t time) | |
106 | { | |
107 | unsigned int year, i, w = r->dse; | |
108 | ||
109 | /* | |
110 | * In each year, a certain number of days-since-the-epoch have passed. | |
111 | * Find the year that is closest to said days. | |
112 | * | |
113 | * Consider, for example, w=21612 (2029-03-04). Loop will abort on | |
114 | * dse[i] <= w, which happens when dse[i] == 21550. This implies | |
115 | * year == 2009. w will then be 62. | |
116 | */ | |
117 | for (i = 0, year = DSE_FIRST; days_since_epoch[i] > w; | |
118 | ++i, --year) | |
119 | /* just loop */; | |
120 | ||
121 | w -= days_since_epoch[i]; | |
122 | ||
123 | /* | |
124 | * By now we have the current year, and the day of the year. | |
125 | * r->yearday = w; | |
126 | * | |
127 | * On to finding the month (like above). In each month, a certain | |
128 | * number of days-since-New Year have passed, and find the closest | |
129 | * one. | |
130 | * | |
131 | * Consider w=62 (in a non-leap year). Loop will abort on | |
132 | * dsy[i] < w, which happens when dsy[i] == 31+28 (i == 2). | |
133 | * Concludes i == 2, i.e. 3rd month => March. | |
134 | * | |
135 | * (A different approach to use would be to subtract a monthlength | |
136 | * from w repeatedly while counting.) | |
137 | */ | |
138 | if (is_leap(year)) { | |
2cdc5575 | 139 | /* use days_since_leapyear[] in a leap year */ |
ee4411a1 | 140 | for (i = ARRAY_SIZE(days_since_leapyear) - 1; |
2cdc5575 | 141 | i > 0 && days_since_leapyear[i] > w; --i) |
ee4411a1 | 142 | /* just loop */; |
2cdc5575 | 143 | r->monthday = w - days_since_leapyear[i] + 1; |
ee4411a1 JE |
144 | } else { |
145 | for (i = ARRAY_SIZE(days_since_year) - 1; | |
146 | i > 0 && days_since_year[i] > w; --i) | |
147 | /* just loop */; | |
2cdc5575 | 148 | r->monthday = w - days_since_year[i] + 1; |
ee4411a1 JE |
149 | } |
150 | ||
151 | r->month = i + 1; | |
ee4411a1 JE |
152 | } |
153 | ||
d3c5ee6d | 154 | static bool |
62fc8051 | 155 | time_mt(const struct sk_buff *skb, struct xt_action_param *par) |
ee4411a1 | 156 | { |
f7108a20 | 157 | const struct xt_time_info *info = par->matchinfo; |
ee4411a1 JE |
158 | unsigned int packet_time; |
159 | struct xtm current_time; | |
160 | s64 stamp; | |
161 | ||
162 | /* | |
163 | * We cannot use get_seconds() instead of __net_timestamp() here. | |
164 | * Suppose you have two rules: | |
165 | * 1. match before 13:00 | |
166 | * 2. match after 13:00 | |
167 | * If you match against processing time (get_seconds) it | |
168 | * may happen that the same packet matches both rules if | |
169 | * it arrived at the right moment before 13:00. | |
170 | */ | |
171 | if (skb->tstamp.tv64 == 0) | |
172 | __net_timestamp((struct sk_buff *)skb); | |
173 | ||
53756524 | 174 | stamp = ktime_to_ns(skb->tstamp); |
280763c0 | 175 | stamp = div_s64(stamp, NSEC_PER_SEC); |
ee4411a1 JE |
176 | |
177 | if (info->flags & XT_TIME_LOCAL_TZ) | |
178 | /* Adjust for local timezone */ | |
179 | stamp -= 60 * sys_tz.tz_minuteswest; | |
180 | ||
181 | /* | |
182 | * xt_time will match when _all_ of the following hold: | |
183 | * - 'now' is in the global time range date_start..date_end | |
184 | * - 'now' is in the monthday mask | |
185 | * - 'now' is in the weekday mask | |
186 | * - 'now' is in the daytime range time_start..time_end | |
187 | * (and by default, libxt_time will set these so as to match) | |
188 | */ | |
189 | ||
190 | if (stamp < info->date_start || stamp > info->date_stop) | |
191 | return false; | |
192 | ||
193 | packet_time = localtime_1(¤t_time, stamp); | |
194 | ||
195 | if (info->daytime_start < info->daytime_stop) { | |
196 | if (packet_time < info->daytime_start || | |
197 | packet_time > info->daytime_stop) | |
198 | return false; | |
199 | } else { | |
200 | if (packet_time < info->daytime_start && | |
201 | packet_time > info->daytime_stop) | |
202 | return false; | |
54eb3df3 FW |
203 | |
204 | /** if user asked to ignore 'next day', then e.g. | |
205 | * '1 PM Wed, August 1st' should be treated | |
206 | * like 'Tue 1 PM July 31st'. | |
207 | * | |
208 | * This also causes | |
209 | * 'Monday, "23:00 to 01:00", to match for 2 hours, starting | |
210 | * Monday 23:00 to Tuesday 01:00. | |
211 | */ | |
212 | if ((info->flags & XT_TIME_CONTIGUOUS) && | |
213 | packet_time <= info->daytime_stop) | |
214 | stamp -= SECONDS_PER_DAY; | |
ee4411a1 JE |
215 | } |
216 | ||
217 | localtime_2(¤t_time, stamp); | |
218 | ||
219 | if (!(info->weekdays_match & (1 << current_time.weekday))) | |
220 | return false; | |
221 | ||
222 | /* Do not spend time computing monthday if all days match anyway */ | |
223 | if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) { | |
224 | localtime_3(¤t_time, stamp); | |
225 | if (!(info->monthdays_match & (1 << current_time.monthday))) | |
226 | return false; | |
227 | } | |
228 | ||
229 | return true; | |
230 | } | |
231 | ||
b0f38452 | 232 | static int time_mt_check(const struct xt_mtchk_param *par) |
ee4411a1 | 233 | { |
9b4fce7a | 234 | const struct xt_time_info *info = par->matchinfo; |
ee4411a1 JE |
235 | |
236 | if (info->daytime_start > XT_TIME_MAX_DAYTIME || | |
237 | info->daytime_stop > XT_TIME_MAX_DAYTIME) { | |
ff67e4e4 JE |
238 | pr_info("invalid argument - start or " |
239 | "stop time greater than 23:59:59\n"); | |
4a5a5c73 | 240 | return -EDOM; |
ee4411a1 JE |
241 | } |
242 | ||
54eb3df3 FW |
243 | if (info->flags & ~XT_TIME_ALL_FLAGS) { |
244 | pr_info("unknown flags 0x%x\n", info->flags & ~XT_TIME_ALL_FLAGS); | |
245 | return -EINVAL; | |
246 | } | |
247 | ||
248 | if ((info->flags & XT_TIME_CONTIGUOUS) && | |
249 | info->daytime_start < info->daytime_stop) | |
250 | return -EINVAL; | |
251 | ||
bd414ee6 | 252 | return 0; |
ee4411a1 JE |
253 | } |
254 | ||
55b69e91 JE |
255 | static struct xt_match xt_time_mt_reg __read_mostly = { |
256 | .name = "time", | |
257 | .family = NFPROTO_UNSPEC, | |
258 | .match = time_mt, | |
259 | .checkentry = time_mt_check, | |
260 | .matchsize = sizeof(struct xt_time_info), | |
261 | .me = THIS_MODULE, | |
ee4411a1 JE |
262 | }; |
263 | ||
d3c5ee6d | 264 | static int __init time_mt_init(void) |
ee4411a1 | 265 | { |
e6210f3b JE |
266 | int minutes = sys_tz.tz_minuteswest; |
267 | ||
268 | if (minutes < 0) /* east of Greenwich */ | |
269 | printk(KERN_INFO KBUILD_MODNAME | |
270 | ": kernel timezone is +%02d%02d\n", | |
271 | -minutes / 60, -minutes % 60); | |
272 | else /* west of Greenwich */ | |
273 | printk(KERN_INFO KBUILD_MODNAME | |
274 | ": kernel timezone is -%02d%02d\n", | |
275 | minutes / 60, minutes % 60); | |
276 | ||
55b69e91 | 277 | return xt_register_match(&xt_time_mt_reg); |
ee4411a1 JE |
278 | } |
279 | ||
d3c5ee6d | 280 | static void __exit time_mt_exit(void) |
ee4411a1 | 281 | { |
55b69e91 | 282 | xt_unregister_match(&xt_time_mt_reg); |
ee4411a1 JE |
283 | } |
284 | ||
d3c5ee6d JE |
285 | module_init(time_mt_init); |
286 | module_exit(time_mt_exit); | |
408ffaa4 | 287 | MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>"); |
2ae15b64 | 288 | MODULE_DESCRIPTION("Xtables: time-based matching"); |
ee4411a1 JE |
289 | MODULE_LICENSE("GPL"); |
290 | MODULE_ALIAS("ipt_time"); | |
291 | MODULE_ALIAS("ip6t_time"); |