[packages/kernel.git] / 2.6.0-NF-time-20031226.patch

diff -Nur linux-2.6.0.org/include/linux/netfilter_ipv4/ipt_time.h linux-2.6.0/include/linux/netfilter_ipv4/ipt_time.h
--- linux-2.6.0.org/include/linux/netfilter_ipv4/ipt_time.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.0/include/linux/netfilter_ipv4/ipt_time.h	2003-12-27 21:40:26.252586648 +0100
@@ -0,0 +1,13 @@
+#ifndef __ipt_time_h_included__
+#define __ipt_time_h_included__
+
+
+struct ipt_time_info {
+	u_int8_t  days_match;   /* 1 bit per day. -SMTWTFS                      */
+	u_int16_t time_start;   /* 0 < time_start < 23*60+59 = 1439             */
+	u_int16_t time_stop;    /* 0:0 < time_stat < 23:59                      */
+	u_int8_t  kerneltime;   /* ignore skb time (and use kerneltime) or not. */
+};
+
+
+#endif /* __ipt_time_h_included__ */
diff -Nur linux-2.6.0.org/net/ipv4/netfilter/ipt_time.c linux-2.6.0/net/ipv4/netfilter/ipt_time.c
--- linux-2.6.0.org/net/ipv4/netfilter/ipt_time.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.0/net/ipv4/netfilter/ipt_time.c	2003-12-27 21:40:26.252586648 +0100
@@ -0,0 +1,185 @@
+/*
+  This is a module which is used for time matching
+  It is using some modified code from dietlibc (localtime() function)
+  that you can find at http://www.fefe.de/dietlibc/
+  This file is distributed under the terms of the GNU General Public
+  License (GPL). Copies of the GPL can be obtained from: ftp://prep.ai.mit.edu/pub/gnu/GPL
+  2001-05-04 Fabrice MARIE <fabrice@netfilter.org> : initial development.
+  2001-21-05 Fabrice MARIE <fabrice@netfilter.org> : bug fix in the match code,
+     thanks to "Zeng Yu" <zengy@capitel.com.cn> for bug report.
+  2001-26-09 Fabrice MARIE <fabrice@netfilter.org> : force the match to be in LOCAL_IN or PRE_ROUTING only.
+  2001-30-11 Fabrice : added the possibility to use the match in FORWARD/OUTPUT with a little hack,
+     added Nguyen Dang Phuoc Dong <dongnd@tlnet.com.vn> patch to support timezones.
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_time.h>
+#include <linux/time.h>
+
+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
+MODULE_DESCRIPTION("Match arrival timestamp");
+MODULE_LICENSE("GPL");
+
+struct tm
+{
+	int tm_sec;                   /* Seconds.     [0-60] (1 leap second) */
+	int tm_min;                   /* Minutes.     [0-59] */
+	int tm_hour;                  /* Hours.       [0-23] */
+	int tm_mday;                  /* Day.         [1-31] */
+	int tm_mon;                   /* Month.       [0-11] */
+	int tm_year;                  /* Year - 1900.  */
+	int tm_wday;                  /* Day of week. [0-6] */
+	int tm_yday;                  /* Days in year.[0-365] */
+	int tm_isdst;                 /* DST.         [-1/0/1]*/
+
+	long int tm_gmtoff;           /* we don't care, we count from GMT */
+	const char *tm_zone;          /* we don't care, we count from GMT */
+};
+
+void
+localtime(const time_t *timepr, struct tm *r);
+
+static int
+match(const struct sk_buff *skb,
+      const struct net_device *in,
+      const struct net_device *out,
+      const void *matchinfo,
+      int offset,
+      const void *hdr,
+      u_int16_t datalen,
+      int *hotdrop)
+{
+	const struct ipt_time_info *info = matchinfo;   /* match info for rule */
+	struct tm currenttime;                          /* time human readable */
+	u_int8_t days_of_week[7] = {64, 32, 16, 8, 4, 2, 1};
+	u_int16_t packet_time;
+	struct timeval kerneltimeval;
+	time_t packet_local_time;
+
+	/* if kerneltime=1, we don't read the skb->timestamp but kernel time instead */
+	if (info->kerneltime)
+	{
+		do_gettimeofday(&kerneltimeval);
+		packet_local_time = kerneltimeval.tv_sec;
+	}
+	else
+		packet_local_time = skb->stamp.tv_sec;
+
+	/* Transform the timestamp of the packet, in a human readable form */
+	localtime(&packet_local_time, &currenttime);
+
+	/* check if we match this timestamp, we start by the days... */
+	if ((days_of_week[currenttime.tm_wday] & info->days_match) != days_of_week[currenttime.tm_wday])
+		return 0; /* the day doesn't match */
+
+	/* ... check the time now */
+	packet_time = (currenttime.tm_hour * 60) + currenttime.tm_min;
+	if ((packet_time < info->time_start) || (packet_time > info->time_stop))
+		return 0;
+
+	/* here we match ! */
+	return 1;
+}
+
+static int
+checkentry(const char *tablename,
+           const struct ipt_ip *ip,
+           void *matchinfo,
+           unsigned int matchsize,
+           unsigned int hook_mask)
+{
+	struct ipt_time_info *info = matchinfo;   /* match info for rule */
+
+	/* First, check that we are in the correct hook */
+	/* PRE_ROUTING, LOCAL_IN or FROWARD */
+	if (hook_mask
+            & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)))
+	{
+		printk("ipt_time: error, only valid for PRE_ROUTING, LOCAL_IN, FORWARD and OUTPUT)\n");
+		return 0;
+	}
+	/* we use the kerneltime if we are in forward or output */
+	info->kerneltime = 1;
+	if (hook_mask & ~((1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT))) 
+		/* if not, we use the skb time */
+		info->kerneltime = 0;
+
+	/* Check the size */
+	if (matchsize != IPT_ALIGN(sizeof(struct ipt_time_info)))
+		return 0;
+	/* Now check the coherence of the data ... */
+	if ((info->time_start > 1439) ||        /* 23*60+59 = 1439*/
+	    (info->time_stop  > 1439))
+	{
+		printk(KERN_WARNING "ipt_time: invalid argument\n");
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct ipt_match time_match
+= { { NULL, NULL }, "time", &match, &checkentry, NULL, THIS_MODULE };
+
+static int __init init(void)
+{
+	printk("ipt_time loading\n");
+	return ipt_register_match(&time_match);
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_match(&time_match);
+	printk("ipt_time unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);
+
+
+/* The part below is borowed and modified from dietlibc */
+
+/* seconds per day */
+#define SPD 24*60*60
+
+void
+localtime(const time_t *timepr, struct tm *r) {
+	time_t i;
+	time_t timep;
+	extern struct timezone sys_tz;
+	const unsigned int __spm[12] =
+		{ 0,
+		  (31),
+		  (31+28),
+		  (31+28+31),
+		  (31+28+31+30),
+		  (31+28+31+30+31),
+		  (31+28+31+30+31+30),
+		  (31+28+31+30+31+30+31),
+		  (31+28+31+30+31+30+31+31),
+		  (31+28+31+30+31+30+31+31+30),
+		  (31+28+31+30+31+30+31+31+30+31),
+		  (31+28+31+30+31+30+31+31+30+31+30),
+		};
+	register time_t work;
+
+	timep = (*timepr) - (sys_tz.tz_minuteswest * 60);
+	work=timep%(SPD);
+	r->tm_sec=work%60; work/=60;
+	r->tm_min=work%60; r->tm_hour=work/60;
+	work=timep/(SPD);
+	r->tm_wday=(4+work)%7;
+	for (i=1970; ; ++i) {
+		register time_t k= (!(i%4) && ((i%100) || !(i%400)))?366:365;
+		if (work>k)
+			work-=k;
+		else
+			break;
+	}
+	r->tm_year=i-1900;
+	for (i=11; i && __spm[i]>work; --i) ;
+	r->tm_mon=i;
+	r->tm_mday=work-__spm[i]+1;
+}
diff -Nur linux-2.6.0.org/net/ipv4/netfilter/Kconfig linux-2.6.0/net/ipv4/netfilter/Kconfig
--- linux-2.6.0.org/net/ipv4/netfilter/Kconfig	2003-12-18 03:59:25.000000000 +0100
+++ linux-2.6.0/net/ipv4/netfilter/Kconfig	2003-12-27 21:40:26.000000000 +0100
@@ -566,5 +566,35 @@
 
 	  To compile it as a module, choose M here.  If unsure, say N.
 
+config IP_NF_MATCH_TIME
+	tristate  'TIME match support'
+	depends on IP_NF_IPTABLES
+	  help
+	  
+	  This option adds CONFIG_IP_NF_MATCH_TIME, which supplies a time match module.
+	  This match allows you to filter based on the packet arrival time
+	  (arrival time at the machine which the netfilter is running on) or
+	  departure time (for locally generated packets).
+	  
+	  Supported options are:
+	  --timestart HH:MM
+	    The starting point of the time match frame.
+	  
+	  --timestop HH:MM
+	    The stopping point of the time match frame
+	  
+	  --days Tue,Mon...
+	    Days of the week to match separated by a coma, no space
+	    (one of Sun,Mon,Tue,Wed,Thu,Fri,Sat)
+	  
+	  Example:
+	    -A INPUT -m time --timestart 8:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri
+	    will match packets that have an arrival timestamp in the range 8:00->18:00 from Monday
+	    to Friday.
+	  
+	    -A OUTPUT -m time --timestart 8:00 --timestop 18:00 --Days Mon
+	    will match the packets (locally generated) that have a departure timestamp
+	    in the range 8:00->18:00 on Monday only.
+
 endmenu
 
diff -Nur linux-2.6.0.org/net/ipv4/netfilter/Makefile linux-2.6.0/net/ipv4/netfilter/Makefile
--- linux-2.6.0.org/net/ipv4/netfilter/Makefile	2003-12-18 03:58:28.000000000 +0100
+++ linux-2.6.0/net/ipv4/netfilter/Makefile	2003-12-27 21:40:26.000000000 +0100
@@ -51,6 +51,9 @@
 obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o
 obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
 
+obj-$(CONFIG_IP_NF_MATCH_TIME) += ipt_time.o
+
+
 obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
 
 obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
Commit	Line	Data
7fcfc8b8	1	diff -Nur linux-2.6.0.org/include/linux/netfilter_ipv4/ipt_time.h linux-2.6.0/include/linux/netfilter_ipv4/ipt_time.h
	2	--- linux-2.6.0.org/include/linux/netfilter_ipv4/ipt_time.h 1970-01-01 01:00:00.000000000 +0100
	3	+++ linux-2.6.0/include/linux/netfilter_ipv4/ipt_time.h 2003-12-27 21:40:26.252586648 +0100
	4	@@ -0,0 +1,13 @@
	5	+#ifndef __ipt_time_h_included__
	6	+#define __ipt_time_h_included__
	7	+
	8	+
	9	+struct ipt_time_info {
	10	+ u_int8_t days_match; /* 1 bit per day. -SMTWTFS */
	11	+ u_int16_t time_start; /* 0 < time_start < 2360+59 = 1439 /
	12	+ u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */
	13	+ u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */
	14	+};
	15	+
	16	+
	17	+#endif /* __ipt_time_h_included__ */
	18	diff -Nur linux-2.6.0.org/net/ipv4/netfilter/ipt_time.c linux-2.6.0/net/ipv4/netfilter/ipt_time.c
	19	--- linux-2.6.0.org/net/ipv4/netfilter/ipt_time.c 1970-01-01 01:00:00.000000000 +0100
	20	+++ linux-2.6.0/net/ipv4/netfilter/ipt_time.c 2003-12-27 21:40:26.252586648 +0100
	21	@@ -0,0 +1,185 @@
	22	+/*
	23	+ This is a module which is used for time matching
	24	+ It is using some modified code from dietlibc (localtime() function)
	25	+ that you can find at http://www.fefe.de/dietlibc/
	26	+ This file is distributed under the terms of the GNU General Public
	27	+ License (GPL). Copies of the GPL can be obtained from: ftp://prep.ai.mit.edu/pub/gnu/GPL
	28	+ 2001-05-04 Fabrice MARIE <fabrice@netfilter.org> : initial development.
	29	+ 2001-21-05 Fabrice MARIE <fabrice@netfilter.org> : bug fix in the match code,
	30	+ thanks to "Zeng Yu" <zengy@capitel.com.cn> for bug report.
	31	+ 2001-26-09 Fabrice MARIE <fabrice@netfilter.org> : force the match to be in LOCAL_IN or PRE_ROUTING only.
	32	+ 2001-30-11 Fabrice : added the possibility to use the match in FORWARD/OUTPUT with a little hack,
	33	+ added Nguyen Dang Phuoc Dong <dongnd@tlnet.com.vn> patch to support timezones.
	34	+*/
	35	+
	36	+#include <linux/module.h>
	37	+#include <linux/skbuff.h>
	38	+#include <linux/netfilter_ipv4/ip_tables.h>
	39	+#include <linux/netfilter_ipv4/ipt_time.h>
	40	+#include <linux/time.h>
	41	+
	42	+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
	43	+MODULE_DESCRIPTION("Match arrival timestamp");
	44	+MODULE_LICENSE("GPL");
	45	+
	46	+struct tm
	47	+{
	48	+ int tm_sec; /* Seconds. [0-60] (1 leap second) */
	49	+ int tm_min; /* Minutes. [0-59] */
	50	+ int tm_hour; /* Hours. [0-23] */
	51	+ int tm_mday; /* Day. [1-31] */
	52	+ int tm_mon; /* Month. [0-11] */
	53	+ int tm_year; /* Year - 1900. */
	54	+ int tm_wday; /* Day of week. [0-6] */
	55	+ int tm_yday; /* Days in year.[0-365] */
	56	+ int tm_isdst; /* DST. [-1/0/1]*/
	57	+
	58	+ long int tm_gmtoff; /* we don't care, we count from GMT */
	59	+ const char tm_zone; / we don't care, we count from GMT */
	60	+};
	61	+
	62	+void
	63	+localtime(const time_t timepr, struct tm r);
	64	+
65	+static int
66	+match(const struct sk_buff *skb,
67	+ const struct net_device *in,
68	+ const struct net_device *out,
69	+ const void *matchinfo,
70	+ int offset,
71	+ const void *hdr,
72	+ u_int16_t datalen,
73	+ int *hotdrop)
74	+{
75	+ const struct ipt_time_info info = matchinfo; / match info for rule */
76	+ struct tm currenttime; /* time human readable */
77	+ u_int8_t days_of_week[7] = {64, 32, 16, 8, 4, 2, 1};
78	+ u_int16_t packet_time;
79	+ struct timeval kerneltimeval;
80	+ time_t packet_local_time;
81	+
82	+ /* if kerneltime=1, we don't read the skb->timestamp but kernel time instead */
83	+ if (info->kerneltime)
84	+ {
85	+ do_gettimeofday(&kerneltimeval);
86	+ packet_local_time = kerneltimeval.tv_sec;
87	+ }
88	+ else
89	+ packet_local_time = skb->stamp.tv_sec;
90	+
91	+ /* Transform the timestamp of the packet, in a human readable form */
92	+ localtime(&packet_local_time, &currenttime);
93	+
94	+ /* check if we match this timestamp, we start by the days... */
95	+ if ((days_of_week[currenttime.tm_wday] & info->days_match) != days_of_week[currenttime.tm_wday])
96	+ return 0; /* the day doesn't match */
97	+
98	+ /* ... check the time now */
99	+ packet_time = (currenttime.tm_hour * 60) + currenttime.tm_min;
100	+ if ((packet_time < info->time_start) \|\| (packet_time > info->time_stop))
101	+ return 0;
102	+
103	+ /* here we match ! */
104	+ return 1;
105	+}
106	+
107	+static int
108	+checkentry(const char *tablename,
109	+ const struct ipt_ip *ip,
110	+ void *matchinfo,
111	+ unsigned int matchsize,
112	+ unsigned int hook_mask)
113	+{
114	+ struct ipt_time_info info = matchinfo; / match info for rule */
115	+
116	+ /* First, check that we are in the correct hook */
117	+ /* PRE_ROUTING, LOCAL_IN or FROWARD */
118	+ if (hook_mask
119	+ & ~((1 << NF_IP_PRE_ROUTING) \| (1 << NF_IP_LOCAL_IN) \| (1 << NF_IP_FORWARD) \| (1 << NF_IP_LOCAL_OUT)))
120	+ {
121	+ printk("ipt_time: error, only valid for PRE_ROUTING, LOCAL_IN, FORWARD and OUTPUT)\n");
122	+ return 0;
123	+ }
124	+ /* we use the kerneltime if we are in forward or output */
125	+ info->kerneltime = 1;
126	+ if (hook_mask & ~((1 << NF_IP_FORWARD) \| (1 << NF_IP_LOCAL_OUT)))
127	+ /* if not, we use the skb time */
128	+ info->kerneltime = 0;
129	+
130	+ /* Check the size */
131	+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_time_info)))
132	+ return 0;
133	+ /* Now check the coherence of the data ... */
134	+ if ((info->time_start > 1439) \|\| /* 2360+59 = 1439/
135	+ (info->time_stop > 1439))
136	+ {
137	+ printk(KERN_WARNING "ipt_time: invalid argument\n");
138	+ return 0;
139	+ }
140	+
141	+ return 1;
142	+}
143	+
144	+static struct ipt_match time_match
145	+= { { NULL, NULL }, "time", &match, &checkentry, NULL, THIS_MODULE };
146	+
147	+static int __init init(void)
148	+{
149	+ printk("ipt_time loading\n");
150	+ return ipt_register_match(&time_match);
151	+}
152	+
153	+static void __exit fini(void)
154	+{
155	+ ipt_unregister_match(&time_match);
156	+ printk("ipt_time unloaded\n");
157	+}
158	+
159	+module_init(init);
160	+module_exit(fini);
161	+
162	+
163	+/* The part below is borowed and modified from dietlibc */
164	+
165	+/* seconds per day */
166	+#define SPD 246060
167	+
168	+void
169	+localtime(const time_t timepr, struct tm r) {
170	+ time_t i;
171	+ time_t timep;
172	+ extern struct timezone sys_tz;
173	+ const unsigned int __spm[12] =
174	+ { 0,
175	+ (31),
176	+ (31+28),
177	+ (31+28+31),
178	+ (31+28+31+30),
179	+ (31+28+31+30+31),
180	+ (31+28+31+30+31+30),
181	+ (31+28+31+30+31+30+31),
182	+ (31+28+31+30+31+30+31+31),
183	+ (31+28+31+30+31+30+31+31+30),
184	+ (31+28+31+30+31+30+31+31+30+31),
185	+ (31+28+31+30+31+30+31+31+30+31+30),
186	+ };
187	+ register time_t work;
188	+
189	+ timep = (timepr) - (sys_tz.tz_minuteswest 60);
190	+ work=timep%(SPD);
191	+ r->tm_sec=work%60; work/=60;
192	+ r->tm_min=work%60; r->tm_hour=work/60;
193	+ work=timep/(SPD);
194	+ r->tm_wday=(4+work)%7;
195	+ for (i=1970; ; ++i) {
196	+ register time_t k= (!(i%4) && ((i%100) \|\| !(i%400)))?366:365;
197	+ if (work>k)
198	+ work-=k;
199	+ else
200	+ break;
201	+ }
202	+ r->tm_year=i-1900;
203	+ for (i=11; i && __spm[i]>work; --i) ;
204	+ r->tm_mon=i;
205	+ r->tm_mday=work-__spm[i]+1;
206	+}
207	diff -Nur linux-2.6.0.org/net/ipv4/netfilter/Kconfig linux-2.6.0/net/ipv4/netfilter/Kconfig
208	--- linux-2.6.0.org/net/ipv4/netfilter/Kconfig 2003-12-18 03:59:25.000000000 +0100
209	+++ linux-2.6.0/net/ipv4/netfilter/Kconfig 2003-12-27 21:40:26.000000000 +0100
210	@@ -566,5 +566,35 @@
211
212	To compile it as a module, choose M here. If unsure, say N.
213
214	+config IP_NF_MATCH_TIME
215	+ tristate 'TIME match support'
216	+ depends on IP_NF_IPTABLES
217	+ help
218	+
219	+ This option adds CONFIG_IP_NF_MATCH_TIME, which supplies a time match module.
220	+ This match allows you to filter based on the packet arrival time
221	+ (arrival time at the machine which the netfilter is running on) or
222	+ departure time (for locally generated packets).
223	+
224	+ Supported options are:
225	+ --timestart HH:MM
226	+ The starting point of the time match frame.
227	+
228	+ --timestop HH:MM
229	+ The stopping point of the time match frame
230	+
231	+ --days Tue,Mon...
232	+ Days of the week to match separated by a coma, no space
233	+ (one of Sun,Mon,Tue,Wed,Thu,Fri,Sat)
234	+
235	+ Example:
236	+ -A INPUT -m time --timestart 8:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri
237	+ will match packets that have an arrival timestamp in the range 8:00->18:00 from Monday
238	+ to Friday.
239	+
240	+ -A OUTPUT -m time --timestart 8:00 --timestop 18:00 --Days Mon
241	+ will match the packets (locally generated) that have a departure timestamp
242	+ in the range 8:00->18:00 on Monday only.
243	+
244	endmenu
245
246	diff -Nur linux-2.6.0.org/net/ipv4/netfilter/Makefile linux-2.6.0/net/ipv4/netfilter/Makefile
247	--- linux-2.6.0.org/net/ipv4/netfilter/Makefile 2003-12-18 03:58:28.000000000 +0100
248	+++ linux-2.6.0/net/ipv4/netfilter/Makefile 2003-12-27 21:40:26.000000000 +0100
249	@@ -51,6 +51,9 @@
250	obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o
251	obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
252
253	+obj-$(CONFIG_IP_NF_MATCH_TIME) += ipt_time.o
254	+
255	+
256	obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
257
258	obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o