Displaying 1 result from an estimated 1 matches for "timestop".
Did you mean:
timesto
2019 Apr 04
0
[Bug 1332] New: Time-matching extension (--match time) broken by timestamping changes in kernel 4.20 and later
...not think this is a
distribution specific problem. iptables is at version 1.8.0.
Steps to reproduce:
1) flush/delete all iptables rules and set all chains to ACCEPT
2) add a rule with time matching (e.g, 'iptables -A OUTPUT -d example.com
--match time --timestart <five minutes ago UTC> --timestop <five minutes in the
future UTC> -j DROP')
3) verify that packets to example.com are correctly dropped on 4.19.6
4) verify that packets to example.com are NOT dropped on 4.20.17
5) reintroduce 'skb->tstamp = 0;' in "net/ipv4/tcp_output.c", recompile kernel
4.20.17, an...