diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-03-19 19:21:04 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-03-20 18:58:41 +0100 |
| commit | 44d144cd593e3af9f3b3618ea510ea02bba4bc4c (patch) | |
| tree | 78d4ccf0a4f9e2fe2b73dd4cc6a88bd9d855b246 /tests/shell/testcases | |
| parent | b11b6c68e61ea294eb4c313705ccfe3e7b0eda87 (diff) | |
netlink_delinearize: reverse cross-day meta hour range
f8f32deda31d ("meta: Introduce new conditions 'time', 'day' and 'hour'")
reverses the hour range in case that a cross-day range is used, eg.
meta hour "03:00"-"14:00" counter accept
which results in (Sidney, Australia AEDT time):
meta hour != "14:00"-"03:00" counter accept
kernel handles time in UTC, therefore, cross-day range may not be
obvious according to local time.
The ruleset listing above is not very intuitive to the reader depending
on their timezone, therefore, complete netlink delinearize path to
reverse the cross-day meta range.
Update manpage to recommend to use a range expression when matching meta
hour range. Recommend range expression for meta time and meta day too.
Extend testcases/listing/meta_time to cover for this scenario.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1737
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases')
| -rw-r--r-- | tests/shell/testcases/listing/dumps/meta_time.nft | 32 | ||||
| -rw-r--r-- | tests/shell/testcases/listing/dumps/meta_time.nodump | 0 | ||||
| -rwxr-xr-x | tests/shell/testcases/listing/meta_time | 5 |
3 files changed, 37 insertions, 0 deletions
diff --git a/tests/shell/testcases/listing/dumps/meta_time.nft b/tests/shell/testcases/listing/dumps/meta_time.nft new file mode 100644 index 00000000..9121aef5 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/meta_time.nft @@ -0,0 +1,32 @@ +table ip t { + chain c { + meta hour "01:00"-"01:59" + meta hour "02:00"-"02:59" + meta hour "03:00"-"03:59" + meta hour "04:00"-"04:59" + meta hour "05:00"-"05:59" + meta hour "06:00"-"06:59" + meta hour "07:00"-"07:59" + meta hour "08:00"-"08:59" + meta hour "09:00"-"09:59" + meta hour "10:00"-"10:59" + meta hour "11:00"-"11:59" + meta hour "12:00"-"12:59" + meta hour "13:00"-"13:59" + meta hour "14:00"-"14:59" + meta hour "15:00"-"15:59" + meta hour "16:00"-"16:59" + meta hour "17:00"-"17:59" + meta hour "18:00"-"18:59" + meta hour "19:00"-"19:59" + meta hour "20:00"-"20:59" + meta hour "21:00"-"21:59" + meta hour "22:00"-"22:59" + meta hour "23:00"-"23:59" + meta hour "00:00"-"00:59" + meta hour "04:00"-"15:00" + meta hour "05:00"-"16:00" + meta hour "06:00"-"17:00" + meta hour "07:00"-"18:00" + } +} diff --git a/tests/shell/testcases/listing/dumps/meta_time.nodump b/tests/shell/testcases/listing/dumps/meta_time.nodump deleted file mode 100644 index e69de29b..00000000 --- a/tests/shell/testcases/listing/dumps/meta_time.nodump +++ /dev/null diff --git a/tests/shell/testcases/listing/meta_time b/tests/shell/testcases/listing/meta_time index 4db517d3..39fa4387 100755 --- a/tests/shell/testcases/listing/meta_time +++ b/tests/shell/testcases/listing/meta_time @@ -52,3 +52,8 @@ done printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 0 0 0 59 >> "$TMP1" check_decode UTC-1 + +TZ=EADT $NFT add rule t c meta hour "03:00"-"14:00" +TZ=EADT $NFT add rule t c meta hour "04:00"-"15:00" +TZ=EADT $NFT add rule t c meta hour "05:00"-"16:00" +TZ=EADT $NFT add rule t c meta hour "06:00"-"17:00" |