Shell Need the actual 'jiffle' factor used by IPTable

byrnejb

Well-Known Member

Reaction score: 27
Messages: 446

This may belong in another forum but since I am encountering this in a BASH script I will start here.

I am examining records created using the IPTables recent module. The last_seen value is recorded in something that I have read are called jiffles. A jiffle is reported to be 1 sec divided by the HZ rate of the host. In examples I have seen this value is taken from the CONFIG_HZ in /boot/config-$(uname -r). On my FreeBSD-12.2 host this value is 1000.

The implication of this is that the value of last_seen must be divided by 1000 to give the epoch seconds. However, doing so results in nonsensical date values. For example:
Code:
  last_seen value: 53370951241
              Now: 1628705691 seconds
     Current Date: Wed Aug 11 14:14:51 EDT 2021
           Jiffle: 1000
 Calculated EPOCH: 53370951.24100000000000000000
   Last Seen Date: Fri Sep 10 13:15:51 EDT 1971

Now, if I calculate the divisor by dividing the last_seen value by the current system time in seconds (using a last_seen value added to the target file immediately before calculating) then I get a value of ~ 32.76900613131959085090. This gives more reasonable results but the calculated value is not consistent across trials. For example:

Code:
  last_seen value: 53374644261
              Now: 1628709382 seconds
     Current Date: Wed Aug 11 15:16:22 EDT 2021
     Jiffle Fixed: 32.76900613131959085090
      EPOCH from Fixed: 1628814863.87181529108599863390
   Last Seen Date: Thu Aug 12 20:34:23 EDT 2021
Jiffle Calculated: 32.77112838599710356429
 EPOCH Calculated: 1628709382.00000000000046494679
   Last Seen Date: Wed Aug 11 15:16:22 EDT 2021
last_seen value: 53374644261
              Now: 1628709386 seconds
     Current Date: Wed Aug 11 15:16:26 EDT 2021
     Jiffle Fixed: 32.76900613131959085090
      EPOCH from Fixed: 1628814863.87181529108599863390
   Last Seen Date: Thu Aug 12 20:34:23 EDT 2021
Jiffle Calculated: 32.77112830551343062008
 EPOCH Calculated: 1628709386.00000000000048530306
   Last Seen Date: Wed Aug 11 15:16:26 EDT 2021

My question is: Why do the entries in different tables, or even consecutive entries in the same table, not produce the same jiffle factor? What does IPTables use to determine what the jiffle value is?
 

PMc

Daemon

Reaction score: 685
Messages: 1,381

The implication of this is that the value of last_seen must be divided by 1000 to give the epoch seconds. However, doing so results in nonsensical date values. For example:
Code:
  last_seen value: 53370951241
              Now: 1628705691 seconds
     Current Date: Wed Aug 11 14:14:51 EDT 2021
           Jiffle: 1000
 Calculated EPOCH: 53370951.24100000000000000000
   Last Seen Date: Fri Sep 10 13:15:51 EDT 1971
Dont know what IPtables is or what you're talking about - but these numbers here...

Code:
$ bc
scale=3
53370951241/1628705691
32.768
... that should ring bells: 2^15/1000. (2^15 is the common Hz value for all kinds of digital watches.)
 

mer

Aspiring Daemon

Reaction score: 390
Messages: 623

IPTables, isn't that Linux firewall stuff? If the OP is not talking about that, can you tell us what you mean by "IPTables recent module"?
 

hardworkingnewbie

Active Member

Reaction score: 223
Messages: 230

Iptables is the user space tool to configure the Netfilter firewall layer of the Linux kernel. It's something which is definitely not available on FreeBSD.

Netfilter has a recent module. This is definitely a Linux question, which has absolutely nothing to do with FreeBSD.
 

mark_j

Daemon

Reaction score: 733
Messages: 1,273

He's examining output of iptables in freebsd. Seems a valid topic. Though asking about the functionality of iptables isn't.
 

PMc

Daemon

Reaction score: 685
Messages: 1,381

Ah so, if that figures, then these jiffles come from linux. And we here are certainly not the information brokerage for Linux. So the best track is what has caught my eye, that these jiffles look like 2^15/HZ, which may have some meaning (or may not), and which may help as it is an explicite answer to the question in the thread Title (or may not help). And for further implementation details a Linux/IPtables forum is certainly a better place. (We recently learned here that Linux runs with HZ=0 when idle, and therefore needs no CPU power - so whatever; thankfully I don't need to fully understand that..)
 

mark_j

Daemon

Reaction score: 733
Messages: 1,273

(We recently learned here that Linux runs with HZ=0 when idle, and therefore needs no CPU power - so whatever; thankfully I don't need to fully understand that..)

Silly Boy. :oops: Static electrical charges are 0Hz. Ergo, Linux runs off rubbing socks on carpet! ;) (Proviso: at idle only!)
 
  • Like
Reactions: PMc

gpw928

Aspiring Daemon

Reaction score: 266
Messages: 593

They are not jiffles, they are jiffies (one hardware clock tick). I guess that the 'ffi' ligature gets the blame for that mistake.

Their duration is variable, and may be changed by re-compiling the Linux kernel.

Since Linus has observed "We know Linux is the best, it can do infinite loops in five seconds", it would seem that jiffies might, under some circumstances, be semi-infinitely small 😉.
 
Top