On Tue, Mar 21, 2023 at 10:27 AM Vincent Li <vincent.mc.li@xxxxxxxxx> wrote: > > On Mon, Mar 20, 2023 at 2:57 PM Vincent Li <vincent.mc.li@xxxxxxxxx> wrote: > > > > On Mon, Mar 20, 2023 at 10:15 AM Jesper Dangaard Brouer > > <jbrouer@xxxxxxxxxx> wrote: > > > > > > > > > On 20/03/2023 16.33, Vincent Li wrote: > > > > > > > > if I have a XDP based firewall to block ip access based on system > > > > localtime/wall time, is it still impossible like what mentioned here > > > > https://github.com/xdp-project/xdp-tutorial/issues/204#issuecomment-819419800? > > > > If so, is there any way to workaround this? > > > > > > You could use the BPF-helper named: bpf_ktime_get_tai_ns() > > > > > > See man clock_gettime(2). It is the same as CLOCK_TAI, which is > > > (currently) offset with 37 sec to CLOCK_REALTIME which is wall-clock. > > > > > sorry a follow-up question, the bpf_ktime_get_tai_ns will return time > as nano seconds, right? > I do not need the nanoseconds precision, I only need HH:MM like hours > and minutes of the day, for example 10:30 = 10 * 60 + 30 is good > enough, > any trick get that from bpf_ktime_get_tai_ns() > so I guess I just do bpf_ktime_get_tai_ns() / 60000000000 to convert to minutes ? > > > Perhaps kernel should be extended with a bpf_ktime_get_wall_ns() ? > > > > > I guess it would be useful, I have a scenario that only allow ip > > access between 07:00AM - 10:30PM for middle school kids everyday. now > > I use cron job to run an user space program to add/delete IP from eBPF > > map pinned by the XDP firewall program :) > > > > > --Jesper > > >
|