On Mon, Mar 20, 2023 at 10:15 AM Jesper Dangaard Brouer
<jbrouer@xxxxxxxxxx> wrote:
>
>
> On 20/03/2023 16.33, Vincent Li wrote:
> >
> > If I have an XDP based firewall to block IP access based on system
> > localtime/wall time, is it still impossible, as mentioned here
> > https://github.com/xdp-project/xdp-tutorial/issues/204#issuecomment-819419800?
> > If so, is there any way to work around this?
>
> You could use the BPF-helper named: bpf_ktime_get_tai_ns()
>
> See man clock_gettime(2). It is the same as CLOCK_TAI, which is
> (currently) offset with 37 sec to CLOCK_REALTIME which is wall-clock.
>
> Perhaps kernel should be extended with a bpf_ktime_get_wall_ns() ?
>

I guess it would be useful. I have a scenario that only allows IP
access between 07:00AM - 10:30PM for middle school kids every day. Now
I use a cron job to run a user space program to add/delete IPs from the
eBPF map pinned by the XDP firewall program :)

> --Jesper
>
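
Added example, not part of the original message or of the xdp-tutorial code: the time-of-day check an XDP program could apply to the value returned by bpf_ktime_get_tai_ns(), using the 37 s CLOCK_TAI offset and the 07:00 to 22:30 window from the thread. The struct window_cfg layout, the function names and the UTC-7 sample offset are assumptions, and the config is assumed to be written by user space into a BPF map.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC 1000000000ULL
#define SEC_PER_DAY  86400LL

/* Hypothetical config, assumed to be written by user space into a BPF map.
 * User space must rewrite utc_offset_s on DST changes and tai_minus_utc_s
 * if a leap second is inserted; the XDP side cannot learn either itself. */
struct window_cfg {
    int32_t  tai_minus_utc_s; /* CLOCK_TAI - CLOCK_REALTIME, 37 in the thread */
    int32_t  utc_offset_s;    /* local time - UTC, e.g. -25200 for UTC-7 */
    uint32_t open_s;          /* window start, seconds after local midnight */
    uint32_t close_s;         /* window end (exclusive), same unit */
};

/* Constructed sample: UTC-7, access allowed 07:00 to 22:30 local time. */
static const struct window_cfg SAMPLE_CFG = { 37, -25200, 25200, 81000 };

/* Seconds after local midnight for a CLOCK_TAI timestamp in nanoseconds. */
static uint32_t local_second_of_day(uint64_t tai_ns, const struct window_cfg *cfg)
{
    /* Fold both offsets into one shift in [0, 86400) so the sum never goes
     * negative, whatever the sign of the timezone offset. */
    int64_t shift = ((int64_t)cfg->utc_offset_s - cfg->tai_minus_utc_s) % SEC_PER_DAY;
    if (shift < 0)
        shift += SEC_PER_DAY;
    return (uint32_t)(((tai_ns / NSEC_PER_SEC) % 86400ULL + (uint64_t)shift) % 86400ULL);
}

/* In an XDP program: pass bpf_ktime_get_tai_ns() and map the result to
 * XDP_PASS / XDP_DROP. */
static bool access_allowed(uint64_t tai_ns, const struct window_cfg *cfg)
{
    uint32_t now = local_second_of_day(tai_ns, cfg);
    if (cfg->open_s <= cfg->close_s)
        return now >= cfg->open_s && now < cfg->close_s;
    return now >= cfg->open_s || now < cfg->close_s; /* window spans midnight */
}

int main(void)
{
    /* Constructed timestamp: 2023-03-20 14:00:00 UTC expressed as TAI. */
    uint64_t tai_ns = 1679320837ULL * NSEC_PER_SEC;
    printf("local second of day %u, allowed=%d\n",
           (unsigned)local_second_of_day(tai_ns, &SAMPLE_CFG),
           access_allowed(tai_ns, &SAMPLE_CFG));
    return 0;
}
```

With the check done per packet, the cron job only has to refresh the two offsets in the map rather than add and delete IPs at the window edges.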