Index: bpf.c
===================================================================
RCS file: /cvs/src/sys/net/bpf.c,v
retrieving revision 1.148
diff -u -p -r1.148 bpf.c
--- bpf.c	22 Aug 2016 10:40:36 -0000	1.148
+++ bpf.c	8 Sep 2016 00:45:49 -0000
@@ -218,6 +218,11 @@ bpf_movein(struct uio *uio, u_int linkty
 		goto bad;
 
 	slen = bpf_filter(filter, mtod(m, u_char *), len, len);
+	if (ISSET(slen, BPF_RET_DROP)) {
+		error = EPERM;
+		goto bad;
+	}
+	slen &= BPF_RET_LEN;
 	if (slen < len) {
 		error = EPERM;
 		goto bad;
@@ -1159,7 +1164,7 @@ bpf_tap(caddr_t arg, u_char *pkt, u_int 
 	struct bpf_if *bp = (struct bpf_if *)arg;
 	struct srp_ref sr;
 	struct bpf_d *d;
-	size_t slen;
+	unsigned int slen;
 	struct timeval tv;
 	int drop = 0, gottime = 0;
 	int s;
@@ -1182,6 +1187,9 @@ bpf_tap(caddr_t arg, u_char *pkt, u_int 
 				fcode = bf->bf_insns;
 			slen = bpf_filter(fcode, pkt, pktlen, pktlen);
 			srp_leave(&sr);
+
+			drop |= ISSET(slen, BPF_RET_DROP);
+			slen &= slen & BPF_RET_LEN;
 		}
 
 		if (slen > 0) {
@@ -1237,7 +1245,8 @@ _bpf_mtap(caddr_t arg, const struct mbuf
 	struct bpf_if *bp = (struct bpf_if *)arg;
 	struct srp_ref sr;
 	struct bpf_d *d;
-	size_t pktlen, slen;
+	size_t pktlen,
+	unsigned int slen;
 	const struct mbuf *m0;
 	struct timeval tv;
 	int gottime = 0;
@@ -1272,6 +1281,9 @@ _bpf_mtap(caddr_t arg, const struct mbuf
 				fcode = bf->bf_insns;
 			slen = bpf_mfilter(fcode, m, pktlen);
 			srp_leave(&bsr);
+
+			drop |= ISSET(slen, BPF_RET_DROP);
+			slen &= slen & BPF_RET_LEN;
 		}
 
 		if (slen > 0) {
Index: bpf.h
===================================================================
RCS file: /cvs/src/sys/net/bpf.h,v
retrieving revision 1.56
diff -u -p -r1.56 bpf.h
--- bpf.h	10 May 2016 23:48:07 -0000	1.56
+++ bpf.h	8 Sep 2016 00:45:49 -0000
@@ -244,6 +244,10 @@ struct bpf_hdr {
 #define		BPF_TAX		0x00
 #define		BPF_TXA		0x80
 
+/* return values */
+#define BPF_RET_DROP		0x80000000U
+#define BPF_RET_LEN		0x7fffffffU
+
 /*
  * The instruction data structure.
  */
Index: bpf_filter.c
===================================================================
RCS file: /cvs/src/sys/net/bpf_filter.c,v
retrieving revision 1.30
diff -u -p -r1.30 bpf_filter.c
--- bpf_filter.c	2 Apr 2016 10:26:58 -0000	1.30
+++ bpf_filter.c	8 Sep 2016 00:45:49 -0000
@@ -148,14 +148,14 @@ _bpf_filter(const struct bpf_insn *pc, c
 	int32_t mem[BPF_MEMWORDS];
 	int err;
 
-	bzero(mem, sizeof(mem));
-
 	if (pc == NULL) {
 		/*
 		 * No filter means accept all.
 		 */
-		return (u_int)-1;
+		return wirelen;
 	}
+
+	bzero(mem, sizeof(mem));
 
 	--pc;
 	while (1) {