libpcap / bpf fails to load new packet filter

Post by Anthony Enache Brow » Wed, 12 May 1999 04:00:00

To all of the unix berkeley packet filter gurus out there:

Can anyone tell me what conditions govern the kernel's acceptance of a
packet filter?

I'm currently attempting to debug a program running on Solaris 2.5.1
which sets a packet filter via libpcap and then parses the requisite
packets as they come up from the kernel.

Tracing through the execution of the program in the debugger, the packet
filter is loaded from the appropriate configuration file.  The bpf
program is then properly translated and loaded without any problem.

The issue is that although everything seems to go smoothly, the packet
filter being executed in the kernel is a previous version, not the one
being loaded.  I have verified this via various means.  I've manually
assembled the bpf program and verified it with the code generated by the
program, and it is correct.  After a reboot, the machine still exhibits
this behaviour.

Can anyone shed some light on what may be happening here?

Thanks in advance.

- Anthony