
Wireshark-bugs: [Wireshark-bugs] [Bug 4411] Enhancement in bgp dissector

Date: Tue, 9 Aug 2011 15:58:05 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4411

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |jeff.morriss.ws@xxxxxxxxx
         Resolution|                            |WONTFIX

--- Comment #2 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2011-08-09 15:58:02 PDT ---
(In reply to comment #0)
> RFC 4760 (chapter 10) turns the field "Number of SNPA" into a reserved state.
> 
> Is it possible to modify the code that processes attribute BGPTYPE_MP_REACH_NLRI in
> the BGP dissector?

The code in question already (or at least now) has a comment about this:

~~~
                case BGPTYPE_MP_REACH_NLRI:
                    /*
                     * RFC 2545 specifies that there may be more than one
                     * address in the MP_REACH_NLRI attribute in section
                     * 3, "Constructing the Next Hop field".
                     *
                     * Yes, RFC 2858 says you can't do that, and, yes, RFC
                     * 2858 obsoletes RFC 2283, which says you can do that,
                     * but that doesn't mean we shouldn't dissect packets
                     * that conform to RFC 2283 but not RFC 2858, as some
                     * device on the network might implement the 2283-style
                     * BGP extensions rather than RFC 2858-style extensions.
                     */
~~~

That is, just because a packet is NOW deprecated, does not mean that Wireshark
won't see old-style packets (possibly not until many years after the
deprecation happens).

So, at least if I understand this bug correctly, Wireshark should stay as it is
(at least until we're sure that this format is no longer used in the wild).

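The tolerance discussed in the comment above can be shown as a small bounds-checked parser. This is an added example, not Wireshark's dissector code: it reads the octet after the next hop as an SNPA count, so an RFC 4760 sender's reserved zero means "no SNPAs" and an older sender's SNPA list (lengths in semi-octets, per RFC 2858) is skipped without reading past the attribute. The struct, function and sample byte strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result struct for one MP_REACH_NLRI attribute value. */
struct mp_reach {
    uint16_t afi;
    uint8_t  safi, nh_len;   /* nh_len: next hop length in octets */
    uint8_t  snpa_count;     /* 0 when the sender follows RFC 4760 (reserved octet) */
    size_t   nlri_off;       /* offset of the first NLRI octet in the buffer */
};

/* Constructed samples: AFI 2, SAFI 1, 16-octet next hop, then NLRI 2001:db8::/32. */
#define HDR 0,2, 1, 16, 0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1
static const uint8_t modern[] = { HDR, 0, 32,0x20,0x01,0x0d,0xb8 };            /* reserved = 0 */
static const uint8_t legacy[] = { HDR, 1, 3,0xab,0xc0, 32,0x20,0x01,0x0d,0xb8 }; /* one SNPA */

/* Returns 0 on success, -1 if any field would run past the end of the buffer. */
int parse_mp_reach(const uint8_t *p, size_t len, struct mp_reach *out)
{
    size_t off = 4;
    if (len < 4) return -1;
    out->afi = (uint16_t)((p[0] << 8) | p[1]);
    out->safi = p[2];
    out->nh_len = p[3];
    if (out->nh_len > len - off) return -1;
    off += out->nh_len;
    if (off >= len) return -1;              /* SNPA count / reserved octet missing */
    out->snpa_count = p[off++];
    for (unsigned i = 0; i < out->snpa_count; i++) {
        if (off >= len) return -1;          /* SNPA length octet missing */
        size_t octets = ((size_t)p[off++] + 1) / 2;  /* semi-octets, rounded up */
        if (octets > len - off) return -1;  /* SNPA body truncated */
        off += octets;
    }
    out->nlri_off = off;
    return 0;
}

int main(void)
{
    struct mp_reach m;
    if (parse_mp_reach(legacy, sizeof legacy, &m) == 0)
        printf("SNPAs=%u NLRI at offset %zu\n", (unsigned)m.snpa_count, m.nlri_off);
    return parse_mp_reach(modern, sizeof modern, &m);
}
```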