On Mon, Mar 20, 2023 at 2:57 PM Vincent Li <vincent.mc.li@xxxxxxxxx> wrote: > > On Mon, Mar 20, 2023 at 10:15 AM Jesper Dangaard Brouer > <jbrouer@xxxxxxxxxx> wrote: > > > > > > On 20/03/2023 16.33, Vincent Li wrote: > > > > > > if I have a XDP based firewall to block ip access based on system > > > localtime/wall time, is it still impossible like what mentioned here > > > https://github.com/xdp-project/xdp-tutorial/issues/204#issuecomment-819419800? > > > If so, is there any way to workaround this? > > > > You could use the BPF-helper named: bpf_ktime_get_tai_ns() > > > > See man clock_gettime(2). It is the same as CLOCK_TAI, which is > > (currently) offset with 37 sec to CLOCK_REALTIME which is wall-clock. > > sorry a follow-up question, the bpf_ktime_get_tai_ns will return time as nano seconds, right? I do not need the nanoseconds precision, I only need HH:MM like hours and minutes of the day, for example 10:30 = 10 * 60 + 30 is good enough, any trick get that from bpf_ktime_get_tai_ns() > > Perhaps kernel should be extended with a bpf_ktime_get_wall_ns() ? > > > I guess it would be useful, I have a scenario that only allow ip > access between 07:00AM - 10:30PM for middle school kids everyday. now > I use cron job to run an user space program to add/delete IP from eBPF > map pinned by the XDP firewall program :) > > > --Jesper > >
|