AIX 5.3, libpcap aix0.8: multiple processes break filter

[Jonathan Gruenhut <jonathan () zetapoint com>]

I have a C program that runs on AIX 5.3 and uses the libpcap library.
(I should add that this program is basically cross-platform, and is
designed to run on Solaris and Linux as well.  The Solaris and Linux
programs do not have the problems that I'm describing.)

I use a capture filter to accept only TCP packets from a particular
port, using pcap_compile and pcap_setfilter.  When I have only one
process running, this works fine.

However, when I try to run a second process (from a different terminal
window), to listen on a different TCP port, the first process I ran lets
through all TCP traffic, on all ports.  Stopping the second process does
not let the first one revert to its original filtering, but it continues
to let through all packets.

Similarly, when I run a third process, the second one's filter breaks in
the same way.

This behavior is not unique to my own application; I get the same
behavior simply using tcpdump (version aix3.8 with libpcap version aix0.8).

I have to admit I'm completely baffled.  Web searching (and the Ethereal
archives) showed me that libpcap on AIX is somewhat eccentric, but
unfortunately I couldn't find anything touching on my problem.

Any and all help/hints/pointers are appreciated!  Thanks.

Jonathan Gruenhut

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.