Re: PROBLEM: Netfilter time matching matches all packets when time start and time stop is the same

Michal Kubecek <mkubecek@xxxxxxx> · Thu, 1 Aug 2013 13:24:44 +0200

On Wed, Jul 31, 2013 at 04:42:15PM +0800, Henry Lee wrote:
> diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c
> index 0ae55a3..753573c 100644
> --- a/net/netfilter/xt_time.c
> +++ b/net/netfilter/xt_time.c
> @@ -192,7 +192,7 @@ time_mt(const struct sk_buff *skb, struct
> xt_action_param *par)
> 
>      packet_time = localtime_1(&current_time, stamp);
> 
> -   if (info->daytime_start < info->daytime_stop) {
> +   if (info->daytime_start <= info->daytime_stop) {
>          if (packet_time < info->daytime_start ||
>              packet_time > info->daytime_stop)
>              return false;
> 

As far as I can see, this would cause only packets arriving at midnight
to match by default (i.e. without both --timestart and --timestop).

                                                         Michal Kubecek

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html