Index: sys/net/bpf.h =================================================================== RCS file: /cvs/src/sys/net/bpf.h,v retrieving revision 1.69 diff -u -p -r1.69 bpf.h --- sys/net/bpf.h 18 Jun 2020 23:27:58 -0000 1.69 +++ sys/net/bpf.h 16 Jul 2020 07:08:52 -0000 @@ -237,6 +237,7 @@ struct bpf_hdr { #define BPF_MEM 0x60 #define BPF_LEN 0x80 #define BPF_MSH 0xa0 +#define BPF_RND 0xc0 /* alu/jmp fields */ #define BPF_OP(code) ((code) & 0xf0) Index: sys/net/bpf_filter.c =================================================================== RCS file: /cvs/src/sys/net/bpf_filter.c,v retrieving revision 1.33 diff -u -p -r1.33 bpf_filter.c --- sys/net/bpf_filter.c 8 Sep 2017 05:36:53 -0000 1.33 +++ sys/net/bpf_filter.c 16 Jul 2020 07:08:52 -0000 @@ -199,6 +199,10 @@ _bpf_filter(const struct bpf_insn *pc, c X = wirelen; continue; + case BPF_LD|BPF_W|BPF_RND: + A = arc4random(); + continue; + case BPF_LD|BPF_W|BPF_IND: k = X + pc->k; A = ops->ldw(pkt, k, &err); @@ -414,6 +418,7 @@ bpf_validate(struct bpf_insn *f, int len return 0; break; case BPF_LEN: + case BPF_RND: break; default: return 0; Index: share/man/man4/bpf.4 =================================================================== RCS file: /cvs/src/share/man/man4/bpf.4,v retrieving revision 1.41 diff -u -p -r1.41 bpf.4 --- share/man/man4/bpf.4 25 Apr 2019 18:26:16 -0000 1.41 +++ share/man/man4/bpf.4 16 Jul 2020 07:08:52 -0000 @@ -614,6 +614,8 @@ packet data at a variable offset .Pf ( Dv BPF_IND ) , the packet length .Pf ( Dv BPF_LEN ) , +a random number +.Pf ( Dv BPF_BPF ) , or a word in the scratch memory store .Pf ( Dv BPF_MEM ) . For @@ -673,6 +675,12 @@ A <- P[X+k:1] .Xc .Sm on A <- len +.Sm off +.It Xo Dv BPF_LD No + Dv BPF_W No + +.Dv BPF_RND +.Xc +.Sm on +A <- arc4random() .Sm off .It Dv BPF_LD No + Dv BPF_IMM .Sm on Index: lib/libpcap/bpf_image.c =================================================================== RCS file: /cvs/src/lib/libpcap/bpf_image.c,v retrieving revision 1.10 diff -u -p -r1.10 bpf_image.c --- lib/libpcap/bpf_image.c 3 Jun 2018 10:29:28 -0000 1.10 +++ lib/libpcap/bpf_image.c 16 Jul 2020 07:08:52 -0000 @@ -82,6 +82,11 @@ bpf_image(p, n) fmt = "#pktlen"; break; + case BPF_LD|BPF_W|BPF_RND: + op = "ld"; + fmt = "#random"; + break; + case BPF_LD|BPF_W|BPF_IND: op = "ld"; fmt = "[x + %d]"; Index: lib/libpcap/gencode.c =================================================================== RCS file: /cvs/src/lib/libpcap/gencode.c,v retrieving revision 1.52 diff -u -p -r1.52 gencode.c --- lib/libpcap/gencode.c 9 Dec 2018 15:07:06 -0000 1.52 +++ lib/libpcap/gencode.c 16 Jul 2020 07:08:52 -0000 @@ -2870,6 +2870,22 @@ gen_loadlen() } struct arth * +gen_loadrnd() +{ + int regno = alloc_reg(); + struct arth *a = (struct arth *)newchunk(sizeof(*a)); + struct slist *s; + + s = new_stmt(BPF_LD|BPF_RND); + s->next = new_stmt(BPF_ST); + s->next->s.k = regno; + a->s = s; + a->regno = regno; + + return a; +} + +struct arth * gen_loadi(val) int val; { Index: lib/libpcap/gencode.h =================================================================== RCS file: /cvs/src/lib/libpcap/gencode.h,v retrieving revision 1.19 diff -u -p -r1.19 gencode.h --- lib/libpcap/gencode.h 9 Dec 2018 15:07:06 -0000 1.19 +++ lib/libpcap/gencode.h 16 Jul 2020 07:08:52 -0000 @@ -155,6 +155,7 @@ struct qual { struct arth *gen_loadi(int); struct arth *gen_load(int, struct arth *, int); struct arth *gen_loadlen(void); +struct arth *gen_loadrnd(void); struct arth *gen_neg(struct arth *); struct arth *gen_arth(int, struct arth *, struct arth *); Index: lib/libpcap/grammar.y =================================================================== RCS file: /cvs/src/lib/libpcap/grammar.y,v retrieving revision 1.20 diff -u -p -r1.20 grammar.y --- lib/libpcap/grammar.y 9 Dec 2018 15:07:06 -0000 1.20 +++ lib/libpcap/grammar.y 16 Jul 2020 07:08:52 -0000 @@ -113,7 +113,7 @@ pcap_parse() %token GEQ LEQ NEQ %token ID EID HID HID6 %token LSH RSH -%token LEN +%token LEN RND %token IPV6 ICMPV6 AH ESP %token VLAN MPLS @@ -425,6 +425,7 @@ narth: pname '[' arth ']' { $$ = gen_ | '-' arth %prec UMINUS { $$ = gen_neg($2); } | paren narth ')' { $$ = $2; } | LEN { $$ = gen_loadlen(); } + | RND { $$ = gen_loadrnd(); } ; byteop: '&' { $$ = '&'; } | '|' { $$ = '|'; } Index: lib/libpcap/optimize.c =================================================================== RCS file: /cvs/src/lib/libpcap/optimize.c,v retrieving revision 1.20 diff -u -p -r1.20 optimize.c --- lib/libpcap/optimize.c 26 Apr 2018 16:22:40 -0000 1.20 +++ lib/libpcap/optimize.c 16 Jul 2020 07:08:52 -0000 @@ -894,6 +894,7 @@ opt_stmt(s, val, alter) break; case BPF_LD|BPF_LEN: + case BPF_LD|BPF_RND: v = F(s->code, 0L, 0L); vstore(s, &val[A_ATOM], v, alter); break; Index: lib/libpcap/scanner.l =================================================================== RCS file: /cvs/src/lib/libpcap/scanner.l,v retrieving revision 1.26 diff -u -p -r1.26 scanner.l --- lib/libpcap/scanner.l 9 Dec 2018 15:07:06 -0000 1.26 +++ lib/libpcap/scanner.l 16 Jul 2020 07:08:52 -0000 @@ -220,6 +220,7 @@ or|"||" return OR; not return '!'; len|length return LEN; +rnd|random return RND; inbound return INBOUND; outbound return OUTBOUND;