meta random fills a 32bit register with a pseudo-random number. For instance one can now use meta random <= 2147483647 ... to match every 2nd packet, on average. A followup patch will add a short-hand version ('probability 0.5') so that users do not have to deal with details. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- src/meta.c | 6 ++++++ src/parser_bison.y | 1 + 2 files changed, 7 insertions(+) diff --git a/src/meta.c b/src/meta.c index 75431a2..8b1a2fc 100644 --- a/src/meta.c +++ b/src/meta.c @@ -10,11 +10,13 @@ * Development of this code funded by Astaro AG (http://www.astaro.com/) */ +#include <errno.h> #include <stddef.h> #include <stdlib.h> #include <stdio.h> #include <stdint.h> #include <string.h> +#include <limits.h> #include <net/if.h> #include <net/if_arp.h> #include <pwd.h> @@ -418,6 +420,9 @@ static const struct meta_template meta_templates[] = { [NFT_META_CGROUP] = META_TEMPLATE("cgroup", &integer_type, 4 * BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN), + [NFT_META_PRANDOM] = META_TEMPLATE("random", &integer_type, + 4 * BITS_PER_BYTE, + BYTEORDER_BIG_ENDIAN), /* avoid conversion; doesn't have endianess */ }; static bool meta_key_is_qualified(enum nft_meta_keys key) @@ -428,6 +433,7 @@ static bool meta_key_is_qualified(enum nft_meta_keys key) case NFT_META_L4PROTO: case NFT_META_PROTOCOL: case NFT_META_PRIORITY: + case NFT_META_PRANDOM: return true; default: return false; diff --git a/src/parser_bison.y b/src/parser_bison.y index d7cba23..fdbfed9 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2336,6 +2336,7 @@ meta_key_qualified : LENGTH { $$ = NFT_META_LEN; } | L4PROTO { $$ = NFT_META_L4PROTO; } | PROTOCOL { $$ = NFT_META_PROTOCOL; } | PRIORITY { $$ = NFT_META_PRIORITY; } + | RANDOM { $$ = NFT_META_PRANDOM; } ; meta_key_unqualified : MARK { $$ = NFT_META_MARK; } -- 2.7.3 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html