Hi Florian,
On 02/16/2016 01:09 PM, Florian Westphal wrote:
Can be used to randomly match a packet, e.g. for statistical traffic
sampling.
See commit 3ad0040573b0c00f8848
("bpf: split state from prandom_u32() and consolidate {c, e}BPF prngs")
for more info why this doesn't use prandom_u32 directly.
Unlike bpf nft_meta can be built as a module, so add an EXPORT_SYMBOL
for prandom_seed_full_state too.
Cc: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
[...]
@@ -241,6 +248,7 @@ int nft_meta_get_init(const struct nft_ctx *ctx,
{
struct nft_meta *priv = nft_expr_priv(expr);
unsigned int len;
+ static bool prand_inited __read_mostly;
priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY]));
switch (priv->key) {
@@ -277,6 +285,13 @@ int nft_meta_get_init(const struct nft_ctx *ctx,
case NFT_META_OIFNAME:
len = IFNAMSIZ;
break;
+ case NFT_META_PRANDOM:
+ if (!prand_inited) {
+ prandom_seed_full_state(&nft_prandom_state);
+ prand_inited = true;
+ }
Should this be: prandom_init_once() ?
+ len = sizeof(u32);
+ break;
default:
return -EOPNOTSUPP;
}
Thanks,
Daniel
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
