- added description of djurban's branch

[packages/kernel.git] / 2.6.1-rc2-NF-time-20040107.patch

diff -Nur linux-2.6.1-rc2.org/include/linux/netfilter_ipv4/ipt_time.h linux-2.6.1-rc2/include/linux/netfilter_ipv4/ipt_time.h
--- linux-2.6.1-rc2.org/include/linux/netfilter_ipv4/ipt_time.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.1-rc2/include/linux/netfilter_ipv4/ipt_time.h     2004-01-07 19:25:39.901675288 +0100
@@ -0,0 +1,13 @@
+#ifndef __ipt_time_h_included__
+#define __ipt_time_h_included__
+
+
+struct ipt_time_info {
+       u_int8_t  days_match;   /* 1 bit per day. -SMTWTFS                      */
+       u_int16_t time_start;   /* 0 < time_start < 23*60+59 = 1439             */
+       u_int16_t time_stop;    /* 0:0 < time_stat < 23:59                      */
+       u_int8_t  kerneltime;   /* ignore skb time (and use kerneltime) or not. */
+};
+
+
+#endif /* __ipt_time_h_included__ */
diff -Nur linux-2.6.1-rc2.org/net/ipv4/netfilter/ipt_time.c linux-2.6.1-rc2/net/ipv4/netfilter/ipt_time.c
--- linux-2.6.1-rc2.org/net/ipv4/netfilter/ipt_time.c   1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.1-rc2/net/ipv4/netfilter/ipt_time.c       2004-01-07 19:25:39.902675136 +0100
@@ -0,0 +1,185 @@
+/*
+  This is a module which is used for time matching
+  It is using some modified code from dietlibc (localtime() function)
+  that you can find at http://www.fefe.de/dietlibc/
+  This file is distributed under the terms of the GNU General Public
+  License (GPL). Copies of the GPL can be obtained from: ftp://prep.ai.mit.edu/pub/gnu/GPL
+  2001-05-04 Fabrice MARIE <fabrice@netfilter.org> : initial development.
+  2001-21-05 Fabrice MARIE <fabrice@netfilter.org> : bug fix in the match code,
+     thanks to "Zeng Yu" <zengy@capitel.com.cn> for bug report.
+  2001-26-09 Fabrice MARIE <fabrice@netfilter.org> : force the match to be in LOCAL_IN or PRE_ROUTING only.
+  2001-30-11 Fabrice : added the possibility to use the match in FORWARD/OUTPUT with a little hack,
+     added Nguyen Dang Phuoc Dong <dongnd@tlnet.com.vn> patch to support timezones.
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_time.h>
+#include <linux/time.h>
+
+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
+MODULE_DESCRIPTION("Match arrival timestamp");
+MODULE_LICENSE("GPL");
+
+struct tm
+{
+       int tm_sec;                   /* Seconds.     [0-60] (1 leap second) */
+       int tm_min;                   /* Minutes.     [0-59] */
+       int tm_hour;                  /* Hours.       [0-23] */
+       int tm_mday;                  /* Day.         [1-31] */
+       int tm_mon;                   /* Month.       [0-11] */
+       int tm_year;                  /* Year - 1900.  */
+       int tm_wday;                  /* Day of week. [0-6] */
+       int tm_yday;                  /* Days in year.[0-365] */
+       int tm_isdst;                 /* DST.         [-1/0/1]*/
+
+       long int tm_gmtoff;           /* we don't care, we count from GMT */
+       const char *tm_zone;          /* we don't care, we count from GMT */
+};
+
+void
+localtime(const time_t *timepr, struct tm *r);
+
+static int
+match(const struct sk_buff *skb,
+      const struct net_device *in,
+      const struct net_device *out,
+      const void *matchinfo,
+      int offset,
+      const void *hdr,
+      u_int16_t datalen,
+      int *hotdrop)
+{
+       const struct ipt_time_info *info = matchinfo;   /* match info for rule */
+       struct tm currenttime;                          /* time human readable */
+       u_int8_t days_of_week[7] = {64, 32, 16, 8, 4, 2, 1};
+       u_int16_t packet_time;
+       struct timeval kerneltimeval;
+       time_t packet_local_time;
+
+       /* if kerneltime=1, we don't read the skb->timestamp but kernel time instead */
+       if (info->kerneltime)
+       {
+               do_gettimeofday(&kerneltimeval);
+               packet_local_time = kerneltimeval.tv_sec;
+       }
+       else
+               packet_local_time = skb->stamp.tv_sec;
+
+       /* Transform the timestamp of the packet, in a human readable form */
+       localtime(&packet_local_time, &currenttime);
+
+       /* check if we match this timestamp, we start by the days... */
+       if ((days_of_week[currenttime.tm_wday] & info->days_match) != days_of_week[currenttime.tm_wday])
+               return 0; /* the day doesn't match */
+
+       /* ... check the time now */
+       packet_time = (currenttime.tm_hour * 60) + currenttime.tm_min;
+       if ((packet_time < info->time_start) || (packet_time > info->time_stop))
+               return 0;
+
+       /* here we match ! */
+       return 1;
+}
+
+static int
+checkentry(const char *tablename,
+           const struct ipt_ip *ip,
+           void *matchinfo,
+           unsigned int matchsize,
+           unsigned int hook_mask)
+{
+       struct ipt_time_info *info = matchinfo;   /* match info for rule */
+
+       /* First, check that we are in the correct hook */
+       /* PRE_ROUTING, LOCAL_IN or FROWARD */
+       if (hook_mask
+            & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)))
+       {
+               printk("ipt_time: error, only valid for PRE_ROUTING, LOCAL_IN, FORWARD and OUTPUT)\n");
+               return 0;
+       }
+       /* we use the kerneltime if we are in forward or output */
+       info->kerneltime = 1;
+       if (hook_mask & ~((1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT))) 
+               /* if not, we use the skb time */
+               info->kerneltime = 0;
+
+       /* Check the size */
+       if (matchsize != IPT_ALIGN(sizeof(struct ipt_time_info)))
+               return 0;
+       /* Now check the coherence of the data ... */
+       if ((info->time_start > 1439) ||        /* 23*60+59 = 1439*/
+           (info->time_stop  > 1439))
+       {
+               printk(KERN_WARNING "ipt_time: invalid argument\n");
+               return 0;
+       }
+
+       return 1;
+}
+
+static struct ipt_match time_match
+= { { NULL, NULL }, "time", &match, &checkentry, NULL, THIS_MODULE };
+
+static int __init init(void)
+{
+       printk("ipt_time loading\n");
+       return ipt_register_match(&time_match);
+}
+
+static void __exit fini(void)
+{
+       ipt_unregister_match(&time_match);
+       printk("ipt_time unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);
+
+
+/* The part below is borowed and modified from dietlibc */
+
+/* seconds per day */
+#define SPD 24*60*60
+
+void
+localtime(const time_t *timepr, struct tm *r) {
+       time_t i;
+       time_t timep;
+       extern struct timezone sys_tz;
+       const unsigned int __spm[12] =
+               { 0,
+                 (31),
+                 (31+28),
+                 (31+28+31),
+                 (31+28+31+30),
+                 (31+28+31+30+31),
+                 (31+28+31+30+31+30),
+                 (31+28+31+30+31+30+31),
+                 (31+28+31+30+31+30+31+31),
+                 (31+28+31+30+31+30+31+31+30),
+                 (31+28+31+30+31+30+31+31+30+31),
+                 (31+28+31+30+31+30+31+31+30+31+30),
+               };
+       register time_t work;
+
+       timep = (*timepr) - (sys_tz.tz_minuteswest * 60);
+       work=timep%(SPD);
+       r->tm_sec=work%60; work/=60;
+       r->tm_min=work%60; r->tm_hour=work/60;
+       work=timep/(SPD);
+       r->tm_wday=(4+work)%7;
+       for (i=1970; ; ++i) {
+               register time_t k= (!(i%4) && ((i%100) || !(i%400)))?366:365;
+               if (work>k)
+                       work-=k;
+               else
+                       break;
+       }
+       r->tm_year=i-1900;
+       for (i=11; i && __spm[i]>work; --i) ;
+       r->tm_mon=i;
+       r->tm_mday=work-__spm[i]+1;
+}
diff -Nur linux-2.6.1-rc2.org/net/ipv4/netfilter/Kconfig linux-2.6.1-rc2/net/ipv4/netfilter/Kconfig
--- linux-2.6.1-rc2.org/net/ipv4/netfilter/Kconfig      2004-01-06 06:10:05.000000000 +0100
+++ linux-2.6.1-rc2/net/ipv4/netfilter/Kconfig  2004-01-07 19:25:39.904674832 +0100
@@ -566,5 +566,35 @@
 
          To compile it as a module, choose M here.  If unsure, say N.
 
+config IP_NF_MATCH_TIME
+       tristate  'TIME match support'
+       depends on IP_NF_IPTABLES
+         help
+         
+         This option adds CONFIG_IP_NF_MATCH_TIME, which supplies a time match module.
+         This match allows you to filter based on the packet arrival time
+         (arrival time at the machine which the netfilter is running on) or
+         departure time (for locally generated packets).
+         
+         Supported options are:
+         --timestart HH:MM
+           The starting point of the time match frame.
+         
+         --timestop HH:MM
+           The stopping point of the time match frame
+         
+         --days Tue,Mon...
+           Days of the week to match separated by a coma, no space
+           (one of Sun,Mon,Tue,Wed,Thu,Fri,Sat)
+         
+         Example:
+           -A INPUT -m time --timestart 8:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri
+           will match packets that have an arrival timestamp in the range 8:00->18:00 from Monday
+           to Friday.
+         
+           -A OUTPUT -m time --timestart 8:00 --timestop 18:00 --Days Mon
+           will match the packets (locally generated) that have a departure timestamp
+           in the range 8:00->18:00 on Monday only.
+
 endmenu
 
diff -Nur linux-2.6.1-rc2.org/net/ipv4/netfilter/Makefile linux-2.6.1-rc2/net/ipv4/netfilter/Makefile
--- linux-2.6.1-rc2.org/net/ipv4/netfilter/Makefile     2004-01-06 06:08:53.000000000 +0100
+++ linux-2.6.1-rc2/net/ipv4/netfilter/Makefile 2004-01-07 19:25:39.905674680 +0100
@@ -51,6 +51,9 @@
 obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o
 obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
 
+obj-$(CONFIG_IP_NF_MATCH_TIME) += ipt_time.o
+
+
 obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
 
 obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o