To all of the Unix Berkeley Packet Filter gurus out there:
Can anyone tell me what conditions govern the kernel's acceptance of a
I'm currently attempting to debug a program running on Solaris 2.5.1
which sets a packet filter via libpcap and then parses the requisite
packets as they come up from the kernel.
Tracing through the execution of the program in the de*, the packet
filter is loaded from the appropriate configuration file. The BPF
program is then properly translated and loaded without any problem.
The issue is that although everything seems to go smoothly, the packet
filter being executed in the kernel is a previous version, not the one
being loaded. I have verified this via various means. I've manually
assembled the BPF program and verified it with the code generated by the
program, and it is correct. After a reboot, the machine still exhibits
Can anyone shed some light on what may be happening here?
Thanks in advance.