I may have misunderstood the goal of getting the time in the questioner's particular use case, but if it is a time-based decision of allowing/denying traffic for fairly long blocks of time, you could have a user-space program populating an ebpf table with the current "allow/deny" setting for now, and have the user space program update that when it changes. Populating the delta between the time that is currently readable from the ebpf code, vs. one that cannot, from a user-space program, as suggested by another person, is another workable approach with no kernel enhancements required. Update that delta as often as you think you need to, e.g. even doing it once per minute is low CPU overhead. Andy -----Original Message----- From: Vincent Li <vincent.mc.li@xxxxxxxxx> Sent: Tuesday, March 21, 2023 1:55 PM To: Toke Høiland-Jørgensen <toke@xxxxxxxxxx> Cc: Jesper Dangaard Brouer <jbrouer@xxxxxxxxxx>; xdp-newbies@xxxxxxxxxxxxxxx; Brouer, Jesper <brouer@xxxxxxxxxx> Subject: Re: How to get system localtime/wall time from eBPF? On Tue, Mar 21, 2023 at 10:43 AM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote: > > Vincent Li <vincent.mc.li@xxxxxxxxx> writes: > > > On Mon, Mar 20, 2023 at 2:57 PM Vincent Li <vincent.mc.li@xxxxxxxxx> wrote: > >> > >> On Mon, Mar 20, 2023 at 10:15 AM Jesper Dangaard Brouer > >> <jbrouer@xxxxxxxxxx> wrote: > >> > > >> > > >> > On 20/03/2023 16.33, Vincent Li wrote: > >> > > > >> > > if I have a XDP based firewall to block ip access based on > >> > > system localtime/wall time, is it still impossible like what > >> > > mentioned here https://github.com/xdp-project/xdp-tutorial/issues/204#issuecomment-819419800? > >> > > If so, is there any way to workaround this? > >> > > >> > You could use the BPF-helper named: bpf_ktime_get_tai_ns() > >> > > >> > See man clock_gettime(2). It is the same as CLOCK_TAI, which is > >> > (currently) offset with 37 sec to CLOCK_REALTIME which is wall-clock. > >> > > > > > sorry a follow-up question, the bpf_ktime_get_tai_ns will return > > time as nano seconds, right? > > I do not need the nanoseconds precision, I only need HH:MM like > > hours and minutes of the day, for example 10:30 = 10 * 60 + 30 is > > good enough, any trick get that from bpf_ktime_get_tai_ns() > > Populate the time at latest midnight from userspace when installing > the program and calculate offsets from that? > Yes, I populated the map with 10 * 60 + 30 from user space, the remaining question is how to get minutes of the day from bpf_ktime_get_tai_ns(), I guess that is what you mean to calculate the offsets from kernel bpf code?
|