Commit | Line | Data |
---|---|---|
ee4411a1 JE |
1 | /* |
2 | * xt_time | |
ba5dc275 | 3 | * Copyright © CC Computer Consultants GmbH, 2007 |
ee4411a1 JE |
4 | * |
5 | * based on ipt_time by Fabrice MARIE <fabrice@netfilter.org> | |
6 | * This is a module which is used for time matching | |
7 | * It is using some modified code from dietlibc (localtime() function) | |
8 | * that you can find at http://www.fefe.de/dietlibc/ | |
9 | * This file is distributed under the terms of the GNU General Public | |
10 | * License (GPL). Copies of the GPL can be obtained from gnu.org/gpl. | |
11 | */ | |
5191d70f AS |
12 | |
13 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | |
14 | ||
ee4411a1 JE |
15 | #include <linux/ktime.h> |
16 | #include <linux/module.h> | |
17 | #include <linux/skbuff.h> | |
18 | #include <linux/types.h> | |
19 | #include <linux/netfilter/x_tables.h> | |
20 | #include <linux/netfilter/xt_time.h> | |
21 | ||
22 | struct xtm { | |
23 | u_int8_t month; /* (1-12) */ | |
24 | u_int8_t monthday; /* (1-31) */ | |
25 | u_int8_t weekday; /* (1-7) */ | |
26 | u_int8_t hour; /* (0-23) */ | |
27 | u_int8_t minute; /* (0-59) */ | |
28 | u_int8_t second; /* (0-59) */ | |
29 | unsigned int dse; | |
30 | }; | |
31 | ||
32 | extern struct timezone sys_tz; /* ouch */ | |
33 | ||
34 | static const u_int16_t days_since_year[] = { | |
35 | 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, | |
36 | }; | |
37 | ||
38 | static const u_int16_t days_since_leapyear[] = { | |
39 | 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, | |
40 | }; | |
41 | ||
42 | /* | |
43 | * Since time progresses forward, it is best to organize this array in reverse, | |
44 | * to minimize lookup time. | |
45 | */ | |
46 | enum { | |
47 | DSE_FIRST = 2039, | |
54eb3df3 | 48 | SECONDS_PER_DAY = 86400, |
ee4411a1 JE |
49 | }; |
50 | static const u_int16_t days_since_epoch[] = { | |
51 | /* 2039 - 2030 */ | |
52 | 25202, 24837, 24472, 24106, 23741, 23376, 23011, 22645, 22280, 21915, | |
53 | /* 2029 - 2020 */ | |
54 | 21550, 21184, 20819, 20454, 20089, 19723, 19358, 18993, 18628, 18262, | |
55 | /* 2019 - 2010 */ | |
56 | 17897, 17532, 17167, 16801, 16436, 16071, 15706, 15340, 14975, 14610, | |
57 | /* 2009 - 2000 */ | |
58 | 14245, 13879, 13514, 13149, 12784, 12418, 12053, 11688, 11323, 10957, | |
59 | /* 1999 - 1990 */ | |
60 | 10592, 10227, 9862, 9496, 9131, 8766, 8401, 8035, 7670, 7305, | |
61 | /* 1989 - 1980 */ | |
62 | 6940, 6574, 6209, 5844, 5479, 5113, 4748, 4383, 4018, 3652, | |
63 | /* 1979 - 1970 */ | |
64 | 3287, 2922, 2557, 2191, 1826, 1461, 1096, 730, 365, 0, | |
65 | }; | |
66 | ||
67 | static inline bool is_leap(unsigned int y) | |
68 | { | |
69 | return y % 4 == 0 && (y % 100 != 0 || y % 400 == 0); | |
70 | } | |
71 | ||
72 | /* | |
73 | * Each network packet has a (nano)seconds-since-the-epoch (SSTE) timestamp. | |
74 | * Since we match against days and daytime, the SSTE value needs to be | |
75 | * computed back into human-readable dates. | |
76 | * | |
77 | * This is done in three separate functions so that the most expensive | |
78 | * calculations are done last, in case a "simple match" can be found earlier. | |
79 | */ | |
80 | static inline unsigned int localtime_1(struct xtm *r, time_t time) | |
81 | { | |
82 | unsigned int v, w; | |
83 | ||
84 | /* Each day has 86400s, so finding the hour/minute is actually easy. */ | |
54eb3df3 | 85 | v = time % SECONDS_PER_DAY; |
ee4411a1 JE |
86 | r->second = v % 60; |
87 | w = v / 60; | |
88 | r->minute = w % 60; | |
89 | r->hour = w / 60; | |
90 | return v; | |
91 | } | |
92 | ||
93 | static inline void localtime_2(struct xtm *r, time_t time) | |
94 | { | |
95 | /* | |
96 | * Here comes the rest (weekday, monthday). First, divide the SSTE | |
97 | * by seconds-per-day to get the number of _days_ since the epoch. | |
98 | */ | |
99 | r->dse = time / 86400; | |
100 | ||
4f4c9430 JE |
101 | /* |
102 | * 1970-01-01 (w=0) was a Thursday (4). | |
103 | * -1 and +1 map Sunday properly onto 7. | |
104 | */ | |
105 | r->weekday = (4 + r->dse - 1) % 7 + 1; | |
ee4411a1 JE |
106 | } |
107 | ||
108 | static void localtime_3(struct xtm *r, time_t time) | |
109 | { | |
110 | unsigned int year, i, w = r->dse; | |
111 | ||
112 | /* | |
113 | * In each year, a certain number of days-since-the-epoch have passed. | |
114 | * Find the year that is closest to said days. | |
115 | * | |
116 | * Consider, for example, w=21612 (2029-03-04). Loop will abort on | |
117 | * dse[i] <= w, which happens when dse[i] == 21550. This implies | |
118 | * year == 2009. w will then be 62. | |
119 | */ | |
120 | for (i = 0, year = DSE_FIRST; days_since_epoch[i] > w; | |
121 | ++i, --year) | |
122 | /* just loop */; | |
123 | ||
124 | w -= days_since_epoch[i]; | |
125 | ||
126 | /* | |
127 | * By now we have the current year, and the day of the year. | |
128 | * r->yearday = w; | |
129 | * | |
130 | * On to finding the month (like above). In each month, a certain | |
131 | * number of days-since-New Year have passed, and find the closest | |
132 | * one. | |
133 | * | |
134 | * Consider w=62 (in a non-leap year). Loop will abort on | |
135 | * dsy[i] < w, which happens when dsy[i] == 31+28 (i == 2). | |
136 | * Concludes i == 2, i.e. 3rd month => March. | |
137 | * | |
138 | * (A different approach to use would be to subtract a monthlength | |
139 | * from w repeatedly while counting.) | |
140 | */ | |
141 | if (is_leap(year)) { | |
2cdc5575 | 142 | /* use days_since_leapyear[] in a leap year */ |
ee4411a1 | 143 | for (i = ARRAY_SIZE(days_since_leapyear) - 1; |
2cdc5575 | 144 | i > 0 && days_since_leapyear[i] > w; --i) |
ee4411a1 | 145 | /* just loop */; |
2cdc5575 | 146 | r->monthday = w - days_since_leapyear[i] + 1; |
ee4411a1 JE |
147 | } else { |
148 | for (i = ARRAY_SIZE(days_since_year) - 1; | |
149 | i > 0 && days_since_year[i] > w; --i) | |
150 | /* just loop */; | |
2cdc5575 | 151 | r->monthday = w - days_since_year[i] + 1; |
ee4411a1 JE |
152 | } |
153 | ||
154 | r->month = i + 1; | |
ee4411a1 JE |
155 | } |
156 | ||
d3c5ee6d | 157 | static bool |
62fc8051 | 158 | time_mt(const struct sk_buff *skb, struct xt_action_param *par) |
ee4411a1 | 159 | { |
f7108a20 | 160 | const struct xt_time_info *info = par->matchinfo; |
ee4411a1 JE |
161 | unsigned int packet_time; |
162 | struct xtm current_time; | |
163 | s64 stamp; | |
164 | ||
165 | /* | |
916f6efa FW |
166 | * We need real time here, but we can neither use skb->tstamp |
167 | * nor __net_timestamp(). | |
168 | * | |
169 | * skb->tstamp and skb->skb_mstamp_ns overlap, however, they | |
170 | * use different clock types (real vs monotonic). | |
171 | * | |
ee4411a1 | 172 | * Suppose you have two rules: |
916f6efa FW |
173 | * 1. match before 13:00 |
174 | * 2. match after 13:00 | |
175 | * | |
ee4411a1 JE |
176 | * If you match against processing time (get_seconds) it |
177 | * may happen that the same packet matches both rules if | |
916f6efa FW |
178 | * it arrived at the right moment before 13:00, so it would be |
179 | * better to check skb->tstamp and set it via __net_timestamp() | |
180 | * if needed. This however breaks outgoing packets tx timestamp, | |
181 | * and causes them to get delayed forever by fq packet scheduler. | |
ee4411a1 | 182 | */ |
916f6efa | 183 | stamp = get_seconds(); |
ee4411a1 JE |
184 | |
185 | if (info->flags & XT_TIME_LOCAL_TZ) | |
186 | /* Adjust for local timezone */ | |
187 | stamp -= 60 * sys_tz.tz_minuteswest; | |
188 | ||
189 | /* | |
190 | * xt_time will match when _all_ of the following hold: | |
191 | * - 'now' is in the global time range date_start..date_end | |
192 | * - 'now' is in the monthday mask | |
193 | * - 'now' is in the weekday mask | |
194 | * - 'now' is in the daytime range time_start..time_end | |
195 | * (and by default, libxt_time will set these so as to match) | |
196 | */ | |
197 | ||
198 | if (stamp < info->date_start || stamp > info->date_stop) | |
199 | return false; | |
200 | ||
201 | packet_time = localtime_1(¤t_time, stamp); | |
202 | ||
203 | if (info->daytime_start < info->daytime_stop) { | |
204 | if (packet_time < info->daytime_start || | |
205 | packet_time > info->daytime_stop) | |
206 | return false; | |
207 | } else { | |
208 | if (packet_time < info->daytime_start && | |
209 | packet_time > info->daytime_stop) | |
210 | return false; | |
54eb3df3 FW |
211 | |
212 | /** if user asked to ignore 'next day', then e.g. | |
213 | * '1 PM Wed, August 1st' should be treated | |
214 | * like 'Tue 1 PM July 31st'. | |
215 | * | |
216 | * This also causes | |
217 | * 'Monday, "23:00 to 01:00", to match for 2 hours, starting | |
218 | * Monday 23:00 to Tuesday 01:00. | |
219 | */ | |
220 | if ((info->flags & XT_TIME_CONTIGUOUS) && | |
221 | packet_time <= info->daytime_stop) | |
222 | stamp -= SECONDS_PER_DAY; | |
ee4411a1 JE |
223 | } |
224 | ||
225 | localtime_2(¤t_time, stamp); | |
226 | ||
227 | if (!(info->weekdays_match & (1 << current_time.weekday))) | |
228 | return false; | |
229 | ||
230 | /* Do not spend time computing monthday if all days match anyway */ | |
231 | if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) { | |
232 | localtime_3(¤t_time, stamp); | |
233 | if (!(info->monthdays_match & (1 << current_time.monthday))) | |
234 | return false; | |
235 | } | |
236 | ||
237 | return true; | |
238 | } | |
239 | ||
b0f38452 | 240 | static int time_mt_check(const struct xt_mtchk_param *par) |
ee4411a1 | 241 | { |
9b4fce7a | 242 | const struct xt_time_info *info = par->matchinfo; |
ee4411a1 JE |
243 | |
244 | if (info->daytime_start > XT_TIME_MAX_DAYTIME || | |
245 | info->daytime_stop > XT_TIME_MAX_DAYTIME) { | |
b2606644 | 246 | pr_info_ratelimited("invalid argument - start or stop time greater than 23:59:59\n"); |
4a5a5c73 | 247 | return -EDOM; |
ee4411a1 JE |
248 | } |
249 | ||
54eb3df3 | 250 | if (info->flags & ~XT_TIME_ALL_FLAGS) { |
b2606644 FW |
251 | pr_info_ratelimited("unknown flags 0x%x\n", |
252 | info->flags & ~XT_TIME_ALL_FLAGS); | |
54eb3df3 FW |
253 | return -EINVAL; |
254 | } | |
255 | ||
256 | if ((info->flags & XT_TIME_CONTIGUOUS) && | |
257 | info->daytime_start < info->daytime_stop) | |
258 | return -EINVAL; | |
259 | ||
bd414ee6 | 260 | return 0; |
ee4411a1 JE |
261 | } |
262 | ||
55b69e91 JE |
263 | static struct xt_match xt_time_mt_reg __read_mostly = { |
264 | .name = "time", | |
265 | .family = NFPROTO_UNSPEC, | |
266 | .match = time_mt, | |
267 | .checkentry = time_mt_check, | |
268 | .matchsize = sizeof(struct xt_time_info), | |
269 | .me = THIS_MODULE, | |
ee4411a1 JE |
270 | }; |
271 | ||
d3c5ee6d | 272 | static int __init time_mt_init(void) |
ee4411a1 | 273 | { |
e6210f3b JE |
274 | int minutes = sys_tz.tz_minuteswest; |
275 | ||
276 | if (minutes < 0) /* east of Greenwich */ | |
5191d70f AS |
277 | pr_info("kernel timezone is +%02d%02d\n", |
278 | -minutes / 60, -minutes % 60); | |
e6210f3b | 279 | else /* west of Greenwich */ |
5191d70f AS |
280 | pr_info("kernel timezone is -%02d%02d\n", |
281 | minutes / 60, minutes % 60); | |
e6210f3b | 282 | |
55b69e91 | 283 | return xt_register_match(&xt_time_mt_reg); |
ee4411a1 JE |
284 | } |
285 | ||
d3c5ee6d | 286 | static void __exit time_mt_exit(void) |
ee4411a1 | 287 | { |
55b69e91 | 288 | xt_unregister_match(&xt_time_mt_reg); |
ee4411a1 JE |
289 | } |
290 | ||
d3c5ee6d JE |
291 | module_init(time_mt_init); |
292 | module_exit(time_mt_exit); | |
408ffaa4 | 293 | MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>"); |
2ae15b64 | 294 | MODULE_DESCRIPTION("Xtables: time-based matching"); |
ee4411a1 JE |
295 | MODULE_LICENSE("GPL"); |
296 | MODULE_ALIAS("ipt_time"); | |
297 | MODULE_ALIAS("ip6t_time"); |