Are Berkeley Packet Filter opcode values implementation defined?
I always thought of tcpdump/libpcap as authoritative in the BPF arena. I noticed that the linux kernel and tcpdump read BPF filters differently. The BPF mnemonics and behavior is the same, but the actual opcode values themselves seem different. I went looking on the internets for "The Standard", but everything I've found only has mnemonics.</div