Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4782] New: wrong decoding for BGP ORF

Date: Mon, 24 May 2010 04:09:06 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4782

           Summary: wrong decoding for BGP ORF
           Product: Wireshark
           Version: 1.2.8
          Platform: x86-64
        OS/Version: Mac OS X 10.6
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: karsten@xxxxxxx


Build Information:
Version 1.2.8 (SVN Rev 32676)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.9, (32-bit) with GLib 2.16.3, with libpcap 1.0.0, with
libz 1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8, with
c-ares 1.5.3, with Lua 5.1, with GnuTLS 2.6.2, with Gcrypt 1.4.3, with MIT
Kerberos, without GeoIP, with PortAudio V19-devel (built Nov 14 2008), without
AirPcap.

Running on Darwin 10.3.0 (MacOS 10.6.3), with libpcap version 1.0.0, GnuTLS
2.6.2, Gcrypt 1.4.3.

Built using gcc 4.0.1 (Apple Inc. build 5488).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The "MATCH"-part of an ORFEntry-PrefixList is decoded as "Permit", also when it
is actually a "Deny"

I use the following Cisco-IOS prefix-list:

ip prefix-list INBOUND-FILTER seq 1 deny 172.16.1.0/27 le 32
ip prefix-list INBOUND-FILTER seq 2 permit 10.128.0.0/22 le 32
ip prefix-list INBOUND-FILTER seq 3 permit 172.16.1.0/26 le 32

In wireshark, the first "deny" is also printed as a "permit".
The corresponding RFC is 5292, the capture is attached (2nd last packet).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.