From: Florian Westphal <fw@strlen.de>
To: Florian Westphal <fw@strlen.de>
Cc: Ander Juaristi <a@juaristi.eus>, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v5 1/3] meta: Introduce new conditions 'time', 'day' and 'hour'
Date: Mon, 15 Jul 2019 01:34:01 +0200 [thread overview]
Message-ID: <20190714233401.frxc63fky53yfqft@breakpoint.cc> (raw)
In-Reply-To: <20190714231958.wtyiusnqpazmwbgl@breakpoint.cc>
Florian Westphal <fw@strlen.de> wrote:
> Ander Juaristi <a@juaristi.eus> wrote:
> This looks good to me, but there are three usability issues.
>
> The worst one first:
>
> nft add rule filter input hour 23:15-00:22 counter
>
> This works. But this fails:
> nft add rule filter input hour 23:15-03:22 counter
> Error: Range has zero or negative size
>
> Because values are converted to UTC, the first one will be a range from
> 21:15 to 22:22 UTC, so left < right. Second one is not.
>
> The obvious workaround:
>
> meta hour < "04:22" will NOT match at 00:28 (GMT+2), as its still 22:28 in
> the UTC time zone.
>
> It will match once local time is past 0 hours UTC.
>
> I suggest to try to fix this from the evaluation step, by
> swapping left and right and inverting the match.
>
> So 76500-8520 (left larger right) turns into "!= 8520-76500",
> which appears to do the right thing.
>
> shape and I have no idea how to fix this without using/relying on kernel time zone.
Argh, I reworded this and forgot to delete this half-sentence above.
> Even when relying on kernel time zone for everything, I don't see
> how we can support cross-day ("22:23-00:42") matching, as the range is
> invalid.
And that as well of course, swap and invert should work just fine.
> Second problem:
> Only solution I see is to change kernel patch to rely on
> sys_tz, just like xt_time, with all the pain this brings.
This stands, as the weekday is computed in the kernel, we will
need to bring sys_tz into this on the kernel side, the current
code uses UTC so we could be several hours off.
This can be restricted to the 'DAY' case of course.
next prev parent reply other threads:[~2019-07-14 23:34 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-07 20:55 [PATCH v5 1/3] meta: Introduce new conditions 'time', 'day' and 'hour' Ander Juaristi
2019-07-07 20:55 ` [PATCH v5 2/3] tests/py: Add tests for " Ander Juaristi
2019-07-14 23:20 ` Florian Westphal
2019-07-07 20:55 ` [PATCH v5 3/3] nft: Update documentation Ander Juaristi
2019-07-14 23:19 ` [PATCH v5 1/3] meta: Introduce new conditions 'time', 'day' and 'hour' Florian Westphal
2019-07-14 23:34 ` Florian Westphal [this message]
2019-07-18 12:56 ` Ander Juaristi
2019-07-18 13:41 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190714233401.frxc63fky53yfqft@breakpoint.cc \
--to=fw@strlen.de \
--cc=a@juaristi.eus \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).