Re: How to get system localtime/wall time from eBPF?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 20, 2023 at 10:15 AM Jesper Dangaard Brouer
<jbrouer@xxxxxxxxxx> wrote:
>
>
> On 20/03/2023 16.33, Vincent Li wrote:
> >
> > if I have a XDP based firewall to block ip  access based on system
> > localtime/wall time, is it still impossible like what mentioned here
> > https://github.com/xdp-project/xdp-tutorial/issues/204#issuecomment-819419800?
> > If so, is there any way to workaround this?
>
> You could use the BPF-helper named: bpf_ktime_get_tai_ns()
>
> See man clock_gettime(2). It is the same as CLOCK_TAI, which is
> (currently) offset with 37 sec to CLOCK_REALTIME which is wall-clock.
>
> Perhaps kernel should be extended with a bpf_ktime_get_wall_ns() ?
>
I guess it would be useful, I have a scenario that only allow ip
access between 07:00AM - 10:30PM for middle school kids everyday. now
I use cron job to run an user space program to add/delete IP from eBPF
map pinned by the XDP firewall program :)

> --Jesper
>




[Index of Archives]     [Linux Networking Development]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite Campsites]

  Powered by Linux