filter: added BPF random opcode

Added a new ancillary load (bpf call in eBPF parlance) that produces a 32-bit random number. We are implementing it as an ancillary load (instead of an ISA opcode) because (a) it is simpler, (b) allows easy JITing, and (c) seems more in line with generic ISAs that do not have "get a random number" as a instruction, but as an OS call. The main use for this ancillary load is to perform random packet sampling. Signed-off-by: Chema Gonzalez <chema@google.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Chema Gonzalez <chema@google.com> 2014-04-21 12:21:24 -0400
committer: David S. Miller <davem@davemloft.net> 2014-04-22 21:27:57 -0400
commit: 4cd3675ebf74d7f559038ded6aa8088e4099a83d (patch)
tree: 6988d7dc3352fbcce10c5c510ffa11e6f30217de /Documentation
parent: 5a4ae5f6e7d4b2b5a9b8981d513345053e40b6ac (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/Documentation/networking/filter.txt b/Documentation/networking/filter.txt
index 81f940f4e884..82e1cb0b3da8 100644
--- a/Documentation/networking/filter.txt
+++ b/Documentation/networking/filter.txt
@@ -281,6 +281,7 @@ Possible BPF extensions are shown in the following table:
  cpu                                   raw_smp_processor_id()
  vlan_tci                              vlan_tx_tag_get(skb)
  vlan_pr                               vlan_tx_tag_present(skb)
+  rand                                  prandom_u32()
 These extensions can also be prefixed with '#'.
 Examples for low-level BPF:
@@ -308,6 +309,18 @@ Examples for low-level BPF:
  ret #-1
  drop: ret #0
+** icmp random packet sampling, 1 in 4
+  ldh [12]
+  jne #0x800, drop
+  ldb [23]
+  jneq #1, drop
+  # get a random uint32 number
+  ld rand
+  mod #4
+  jneq #1, drop
+  ret #-1
+  drop: ret #0
 ** SECCOMP filter example:
  ld [4]                  /* offsetof(struct seccomp_data, arch) */
author	Chema Gonzalez <chema@google.com>	2014-04-21 12:21:24 -0400
committer	David S. Miller <davem@davemloft.net>	2014-04-22 21:27:57 -0400
commit	4cd3675ebf74d7f559038ded6aa8088e4099a83d (patch)
tree	6988d7dc3352fbcce10c5c510ffa11e6f30217de /Documentation
parent	5a4ae5f6e7d4b2b5a9b8981d513345053e40b6ac (diff)

diff --git a/Documentation/networking/filter.txt b/Documentation/networking/filter.txt index 81f940f4e884..82e1cb0b3da8 100644 --- a/Documentation/networking/filter.txt +++ b/Documentation/networking/filter.txt
@@ -281,6 +281,7 @@ Possible BPF extensions are shown in the following table:
281	cpu raw_smp_processor_id()	281	cpu raw_smp_processor_id()
282	vlan_tci vlan_tx_tag_get(skb)	282	vlan_tci vlan_tx_tag_get(skb)
283	vlan_pr vlan_tx_tag_present(skb)	283	vlan_pr vlan_tx_tag_present(skb)
		284	rand prandom_u32()
284		285
285	These extensions can also be prefixed with '#'.	286	These extensions can also be prefixed with '#'.
286	Examples for low-level BPF:	287	Examples for low-level BPF:
@@ -308,6 +309,18 @@ Examples for low-level BPF:
308	ret #-1	309	ret #-1
309	drop: ret #0	310	drop: ret #0
310		311
		312	** icmp random packet sampling, 1 in 4
		313	ldh [12]
		314	jne #0x800, drop
		315	ldb [23]
		316	jneq #1, drop
		317	# get a random uint32 number
		318	ld rand
		319	mod #4
		320	jneq #1, drop
		321	ret #-1
		322	drop: ret #0
		323
311	** SECCOMP filter example:	324	** SECCOMP filter example:
312		325
313	ld [4] /* offsetof(struct seccomp_data, arch) */	326	ld [4] /* offsetof(struct seccomp_data, arch) */