libxt_time: fix random --datestart skips

Frank Lichtenheld points out that -m time --datestart ...
sometimes messes up --datestart:

$ iptables -A INPUT -m time --datestart 2010-11-24T16:50:00 -j ACCEPT
$ iptables-save | grep 11
-A INPUT -m time --datestart 2010-11-24T16:50:00 -j ACCEPT
$ iptables-save | iptables-restore
$ iptables-save | grep 11
-A INPUT -m time --datestart 2010-11-24T15:50:00 -j ACCEPT

--datestart moved by one hour.

As the --timestart option does not care about DST, always set
dst=0 when parsing --starttime input.

Reported-by: Frank Lichtenheld <flichtenheld@astaro.com>
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c
index 5462d9304e320b7b9a3613ed515b58ccd23c8c4b..b2e6ffa6ceaf5030ad1db54782baa55a4b39f33c 100644 (file)
--- a/extensions/libxt_time.c
+++ b/extensions/libxt_time.c
@@ -139,6 +139,7 @@ static time_t time_parse_date(const char *s, bool end)
        tm.tm_hour = hour;
        tm.tm_min  = minute;
        tm.tm_sec  = second;
+       tm.tm_isdst = 0;
        ret = mktime(&tm);
        if (ret >= 0)
                return ret;