AIX 5.3, libpcap aix0.8: multiple processes break filter

[Jonathan Gruenhut <jonathan () zetapoint com>]

I have a C program that runs on AIX 5.3 and uses the libpcap library.  
(I should add that this program is basically cross-platform, and is 
designed to run on Solaris and Linux as well.  The Solaris and Linux 
programs do not have the problems that I'm describing.)

I use a capture filter to accept only TCP packets from a particular 
port, using pcap_compile and pcap_setfilter.  When I have only one 
process running, this works fine.

However, when I try to run a second process (from a different terminal 
window), to listen on a different TCP port, the first process I ran lets 
through all TCP traffic, on all ports.  Stopping the second process does 
not let the first one revert to its original filtering, but it continues 
to let through all packets.

Similarly, when I run a third process, the second one's filter breaks in 
the same way.

This behavior is not unique to my own application; I get the same 
behavior simply using tcpdump (version aix3.8 with libpcap version aix0.8).

I have to admit I'm completely baffled.  Web searching (and the Ethereal 
archives) showed me that libpcap on AIX is somewhat eccentric, but 
unfortunately I couldn't find anything touching on my problem.

Any and all help/hints/pointers are appreciated!  Thanks.

Jonathan Gruenhut
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.