On Fri, Aug 25, 2023 at 03:24:16PM +0200, Thomas Haller wrote:
> Add a cache for "time(NULL)" and tm_gmtoff from localtime_r(time(NULL), &tm).
> The point is to ensure that one parse/output operation fetches the current time
> and GMT offset at most once.
>
> Follow up to ([1])
>
> Subject: Re: [nft PATCH 2/2] meta: use reentrant localtime_r()/gmtime_r() functions
> Date: Tue, 22 Aug 2023 17:15:14 +0200
>
> [1] https://marc.info/?l=netfilter-devel&m=169271724629901&w=4

To extend what I said yesterday.

It would be great if you could validate that we have sufficient tests
for time support. Probably you can use this ruleset that I am attaching
as reference and think of a ruleset to cover this?

I am attaching an example ruleset which is basically a "timetable"
using nftables sets/maps.

table netdev filter {
	map ether_to_chain {
		typeof ether saddr : verdict
		elements = { 96:68:97:a7:e8:a7 comment "Device match" : jump fw_p0_dev0 }
	}

	map schedule_time {
		typeof meta time : verdict
		flags interval
		counter
		elements = { "2022-10-09 18:46:50" - "2022-10-09 19:16:50" comment "!Schedule OFFLINE override" : drop }
	}

	map schedule_day {
		typeof meta day . meta hour : verdict
		flags interval
		counter
		elements = { "Tuesday" . "06:00" - "07:00" : drop }
	}

	chain fw_p0_dev0 {
		meta time vmap @schedule_time
		meta day . meta hour vmap @schedule_day
	}

	chain my_devices_rules {
		ether saddr vmap @ether_to_chain
	}

	chain ingress {
		type filter hook ingress device eth0 priority filter; policy accept;
		jump my_devices_rules
	}
}