From: "Fingerhut, John Andy" <john.andy.fingerhut@intel.com>
To: "Vincent Li" <vincent.mc.li@gmail.com>,
"Toke Høiland-Jørgensen" <toke@redhat.com>
Cc: Jesper Dangaard Brouer <jbrouer@redhat.com>,
"xdp-newbies@vger.kernel.org" <xdp-newbies@vger.kernel.org>,
"Brouer, Jesper" <brouer@redhat.com>
Subject: RE: How to get system localtime/wall time from eBPF?
Date: Tue, 21 Mar 2023 18:04:48 +0000 [thread overview]
Message-ID: <MN2PR11MB35659617789FE604A629C976A6819@MN2PR11MB3565.namprd11.prod.outlook.com> (raw)
In-Reply-To: <CAK3+h2xt-rmizCv54cuJvii+6Ui-PuQSi2es6FS65fmZ0ise6Q@mail.gmail.com>
I may have misunderstood the goal of getting the time in the questioner's particular use case, but if it is a time-based decision of allowing/denying traffic for fairly long blocks of time, you could have a user-space program populating an ebpf table with the current "allow/deny" setting for now, and have the user space program update that when it changes.
Populating the delta between the time that is currently readable from the ebpf code, vs. one that cannot, from a user-space program, as suggested by another person, is another workable approach with no kernel enhancements required. Update that delta as often as you think you need to, e.g. even doing it once per minute is low CPU overhead.
Andy
-----Original Message-----
From: Vincent Li <vincent.mc.li@gmail.com>
Sent: Tuesday, March 21, 2023 1:55 PM
To: Toke Høiland-Jørgensen <toke@redhat.com>
Cc: Jesper Dangaard Brouer <jbrouer@redhat.com>; xdp-newbies@vger.kernel.org; Brouer, Jesper <brouer@redhat.com>
Subject: Re: How to get system localtime/wall time from eBPF?
On Tue, Mar 21, 2023 at 10:43 AM Toke Høiland-Jørgensen <toke@redhat.com> wrote:
>
> Vincent Li <vincent.mc.li@gmail.com> writes:
>
> > On Mon, Mar 20, 2023 at 2:57 PM Vincent Li <vincent.mc.li@gmail.com> wrote:
> >>
> >> On Mon, Mar 20, 2023 at 10:15 AM Jesper Dangaard Brouer
> >> <jbrouer@redhat.com> wrote:
> >> >
> >> >
> >> > On 20/03/2023 16.33, Vincent Li wrote:
> >> > >
> >> > > if I have a XDP based firewall to block ip access based on
> >> > > system localtime/wall time, is it still impossible like what
> >> > > mentioned here https://github.com/xdp-project/xdp-tutorial/issues/204#issuecomment-819419800?
> >> > > If so, is there any way to workaround this?
> >> >
> >> > You could use the BPF-helper named: bpf_ktime_get_tai_ns()
> >> >
> >> > See man clock_gettime(2). It is the same as CLOCK_TAI, which is
> >> > (currently) offset with 37 sec to CLOCK_REALTIME which is wall-clock.
> >> >
> >
> > sorry a follow-up question, the bpf_ktime_get_tai_ns will return
> > time as nano seconds, right?
> > I do not need the nanoseconds precision, I only need HH:MM like
> > hours and minutes of the day, for example 10:30 = 10 * 60 + 30 is
> > good enough, any trick get that from bpf_ktime_get_tai_ns()
>
> Populate the time at latest midnight from userspace when installing
> the program and calculate offsets from that?
>
Yes, I populated the map with 10 * 60 + 30 from user space, the remaining question is how to get minutes of the day from bpf_ktime_get_tai_ns(), I guess that is what you mean to calculate the offsets from kernel bpf code?
prev parent reply other threads:[~2023-03-21 18:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-20 15:33 How to get system localtime/wall time from eBPF? Vincent Li
2023-03-20 17:15 ` Jesper Dangaard Brouer
2023-03-20 21:57 ` Vincent Li
2023-03-21 17:27 ` Vincent Li
2023-03-21 17:37 ` Vincent Li
2023-03-21 17:43 ` Toke Høiland-Jørgensen
2023-03-21 17:55 ` Vincent Li
2023-03-21 18:04 ` Fingerhut, John Andy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN2PR11MB35659617789FE604A629C976A6819@MN2PR11MB3565.namprd11.prod.outlook.com \
--to=john.andy.fingerhut@intel.com \
--cc=brouer@redhat.com \
--cc=jbrouer@redhat.com \
--cc=toke@redhat.com \
--cc=vincent.mc.li@gmail.com \
--cc=xdp-newbies@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).