Aclcheck.py thinks IP does not include TCP

[GoogleCodeExporter]

What steps will reproduce the problem?
1. create term using "protocol:: ip:

term block-stuff {
  source-address:: MY_NETWORKS
  protocol:: ip
  logging:: true
  action:: deny
}

2.

Use ./aclcheck_cmdline.py to test the ACL with --proto ip. It works.
IP address 1.2.3.4 is in MY_NETWORKS.

./aclcheck_cmdline.py -p policies/toSERV03-WCM-IFZ.pol -s 1.2.3.4 -d 5.6.7.8 
--dport 80 --proto ip
  filter: toSERV03-WCM-IFZ
          term: block-stuff
                deny


3.

Use ./aclcheck_cmdline.py to test the ACL with --proto tcp. It *should* work 
just like the case above, since it is supposed to block all IP packets; but it 
does not. It rolls over the next term.

./aclcheck_cmdline.py -p policies/toSERV03-WCM-IFZ.pol -s 1.2.3.4 -d 5.6.7.8 
--dport 80 --proto tcp
  filter: toSERV03-WCM-IFZ
          term: default-deny
                deny


What version of the product are you using? On what operating system?

r145 with minor modifications on linux RHEL5.

Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 23 Sep 2011 at 10:34

[GoogleCodeExporter]

I'll be taking a look at this shortly.  
Thanks for reporting this.

Original comment by watson on 29 Sep 2011 at 3:00

• Changed state: Accepted
• Added labels: Priority-Low
• Removed labels: Priority-Medium

[GoogleCodeExporter]

I'll be taking a look at this shortly.  
Thanks for reporting this.

Original comment by watson on 29 Sep 2011 at 3:00