git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 19 Mar 2024 18:21:04 +0000 (19:21 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 20 Mar 2024 17:58:41 +0000 (18:58 +0100)
commit	44d144cd593e3af9f3b3618ea510ea02bba4bc4c
tree	78d4ccf0a4f9e2fe2b73dd4cc6a88bd9d855b246	tree
parent	b11b6c68e61ea294eb4c313705ccfe3e7b0eda87	commit \| diff

netlink_delinearize: reverse cross-day meta hour range

f8f32deda31d ("meta: Introduce new conditions 'time', 'day' and 'hour'")
reverses the hour range in case that a cross-day range is used, eg.

meta hour "03:00"-"14:00" counter accept

which results in (Sidney, Australia AEDT time):

meta hour != "14:00"-"03:00" counter accept

kernel handles time in UTC, therefore, cross-day range may not be
obvious according to local time.

The ruleset listing above is not very intuitive to the reader depending
on their timezone, therefore, complete netlink delinearize path to
reverse the cross-day meta range.

Update manpage to recommend to use a range expression when matching meta
hour range. Recommend range expression for meta time and meta day too.

Extend testcases/listing/meta_time to cover for this scenario.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1737
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

doc/primary-expression.txt		diff \| blob \| blame \| history
include/expression.h		diff \| blob \| blame \| history
include/meta.h		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
tests/shell/testcases/listing/dumps/meta_time.nft	[new file with mode: 0644]	blob
tests/shell/testcases/listing/dumps/meta_time.nodump	[deleted file]	blob \| blame \| history
tests/shell/testcases/listing/meta_time		diff \| blob \| blame \| history