summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorChema Gonzalez <chema@google.com>2014-04-21 09:21:24 -0700
committerDavid S. Miller <davem@davemloft.net>2014-04-22 21:27:57 -0400
commit4cd3675ebf74d7f559038ded6aa8088e4099a83d (patch)
tree6988d7dc3352fbcce10c5c510ffa11e6f30217de /Documentation
parent5a4ae5f6e7d4b2b5a9b8981d513345053e40b6ac (diff)
downloadlinux-4cd3675ebf74d7f559038ded6aa8088e4099a83d.tar.gz
linux-4cd3675ebf74d7f559038ded6aa8088e4099a83d.tar.bz2
linux-4cd3675ebf74d7f559038ded6aa8088e4099a83d.zip
filter: added BPF random opcode
Added a new ancillary load (bpf call in eBPF parlance) that produces a 32-bit random number. We are implementing it as an ancillary load (instead of an ISA opcode) because (a) it is simpler, (b) allows easy JITing, and (c) seems more in line with generic ISAs that do not have "get a random number" as a instruction, but as an OS call. The main use for this ancillary load is to perform random packet sampling. Signed-off-by: Chema Gonzalez <chema@google.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/networking/filter.txt13
1 files changed, 13 insertions, 0 deletions
diff --git a/Documentation/networking/filter.txt b/Documentation/networking/filter.txt
index 81f940f4e884..82e1cb0b3da8 100644
--- a/Documentation/networking/filter.txt
+++ b/Documentation/networking/filter.txt
@@ -281,6 +281,7 @@ Possible BPF extensions are shown in the following table:
cpu raw_smp_processor_id()
vlan_tci vlan_tx_tag_get(skb)
vlan_pr vlan_tx_tag_present(skb)
+ rand prandom_u32()
These extensions can also be prefixed with '#'.
Examples for low-level BPF:
@@ -308,6 +309,18 @@ Examples for low-level BPF:
ret #-1
drop: ret #0
+** icmp random packet sampling, 1 in 4
+ ldh [12]
+ jne #0x800, drop
+ ldb [23]
+ jneq #1, drop
+ # get a random uint32 number
+ ld rand
+ mod #4
+ jneq #1, drop
+ ret #-1
+ drop: ret #0
+
** SECCOMP filter example:
ld [4] /* offsetof(struct seccomp_data, arch) */