]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-bgp.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
change make check to work with POSIX shell
[tcpdump] / print-bgp.c
diff --git a/print-bgp.c b/print-bgp.c
index 7c7229996bd12e9a8585c41a85df262cd39e4fdc..7db3c6bb0f93931a2cdddae9ff55cdf544dac2f5 100644 (file)
--- a/print-bgp.c
+++ b/print-bgp.c
@@ -26,25 +26,29 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * Extensively modified by Hannes Gredler (hannes@juniper.net) for more
+ * Extensively modified by Hannes Gredler (hannes@gredler.at) for more
  * complete BGP support.
  */
 
+/* \summary: Border Gateway Protocol (BGP) printer */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
 
 #include <stdio.h>
 #include <string.h>
 
-#include "interface.h"
+#include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
 #include "af.h"
 #include "l2vpn.h"
 
+static const char tstr[] = "[|BGP]";
+
 struct bgp {
        uint8_t bgp_marker[16];
        uint16_t bgp_len;
@@ -120,19 +124,25 @@ struct bgp_route_refresh {
 #define BGPTYPE_ATOMIC_AGGREGATE       6
 #define BGPTYPE_AGGREGATOR             7
 #define        BGPTYPE_COMMUNITIES             8       /* RFC1997 */
-#define        BGPTYPE_ORIGINATOR_ID           9       /* RFC1998 */
-#define        BGPTYPE_CLUSTER_LIST            10      /* RFC1998 */
-#define        BGPTYPE_DPA                     11      /* draft-ietf-idr-bgp-dpa */
-#define        BGPTYPE_ADVERTISERS             12      /* RFC1863 */
-#define        BGPTYPE_RCID_PATH               13      /* RFC1863 */
-#define BGPTYPE_MP_REACH_NLRI          14      /* RFC2283 */
-#define BGPTYPE_MP_UNREACH_NLRI                15      /* RFC2283 */
-#define BGPTYPE_EXTD_COMMUNITIES        16      /* draft-ietf-idr-bgp-ext-communities */
-#define BGPTYPE_AS4_PATH               17      /* RFC4893 */
-#define BGPTYPE_AGGREGATOR4            18      /* RFC4893 */
-#define BGPTYPE_PMSI_TUNNEL             22      /* draft-ietf-l3vpn-2547bis-mcast-bgp-02.txt */
+#define        BGPTYPE_ORIGINATOR_ID           9       /* RFC4456 */
+#define        BGPTYPE_CLUSTER_LIST            10      /* RFC4456 */
+#define        BGPTYPE_DPA                     11      /* deprecated, draft-ietf-idr-bgp-dpa */
+#define        BGPTYPE_ADVERTISERS             12      /* deprecated RFC1863 */
+#define        BGPTYPE_RCID_PATH               13      /* deprecated RFC1863 */
+#define BGPTYPE_MP_REACH_NLRI          14      /* RFC4760 */
+#define BGPTYPE_MP_UNREACH_NLRI                15      /* RFC4760 */
+#define BGPTYPE_EXTD_COMMUNITIES        16      /* RFC4360 */
+#define BGPTYPE_AS4_PATH               17      /* RFC6793 */
+#define BGPTYPE_AGGREGATOR4            18      /* RFC6793 */
+#define BGPTYPE_PMSI_TUNNEL             22      /* RFC6514 */
+#define BGPTYPE_TUNNEL_ENCAP            23      /* RFC5512 */
+#define BGPTYPE_TRAFFIC_ENG             24      /* RFC5543 */
+#define BGPTYPE_IPV6_EXTD_COMMUNITIES   25      /* RFC5701 */
 #define BGPTYPE_AIGP                    26      /* RFC7311 */
-#define BGPTYPE_ATTR_SET               128      /* draft-marques-ppvpn-ibgp */
+#define BGPTYPE_PE_DISTINGUISHER_LABEL  27      /* RFC6514 */
+#define BGPTYPE_ENTROPY_LABEL           28      /* RFC6790 */
+#define BGPTYPE_LARGE_COMMUNITY                32      /* draft-ietf-idr-large-community-05 */
+#define BGPTYPE_ATTR_SET               128      /* RFC6368 */
 
 #define BGP_MP_NLRI_MINSIZE              3       /* End of RIB Marker detection */
 
@@ -156,7 +166,13 @@ static const struct tok bgp_attr_values[] = {
     { BGPTYPE_MP_UNREACH_NLRI,  "Multi-Protocol Unreach NLRI"},
     { BGPTYPE_EXTD_COMMUNITIES, "Extended Community"},
     { BGPTYPE_PMSI_TUNNEL,      "PMSI Tunnel"},
+    { BGPTYPE_TUNNEL_ENCAP,     "Tunnel Encapsulation"},
+    { BGPTYPE_TRAFFIC_ENG,      "Traffic Engineering"},
+    { BGPTYPE_IPV6_EXTD_COMMUNITIES, "IPv6 Extended Community"},
     { BGPTYPE_AIGP,             "Accumulated IGP Metric"},
+    { BGPTYPE_PE_DISTINGUISHER_LABEL, "PE Distinguisher Label"},
+    { BGPTYPE_ENTROPY_LABEL,    "Entropy Label"},
+    { BGPTYPE_LARGE_COMMUNITY,  "Large Community"},
     { BGPTYPE_ATTR_SET,         "Attribute Set"},
     { 255,                      "Reserved for development"},
     { 0, NULL}
@@ -189,30 +205,37 @@ static const struct tok bgp_as_path_segment_close_values[] = {
 #define BGP_OPT_AUTH                    1
 #define BGP_OPT_CAP                     2
 
-
 static const struct tok bgp_opt_values[] = {
     { BGP_OPT_AUTH,             "Authentication Information"},
     { BGP_OPT_CAP,              "Capabilities Advertisement"},
     { 0, NULL}
 };
 
-#define BGP_CAPCODE_MP                  1
-#define BGP_CAPCODE_RR                  2
-#define BGP_CAPCODE_ORF                 3 /* XXX */
-#define BGP_CAPCODE_RESTART            64 /* draft-ietf-idr-restart-05  */
-#define BGP_CAPCODE_AS_NEW             65 /* XXX */
-#define BGP_CAPCODE_DYN_CAP            67 /* XXX */
-#define BGP_CAPCODE_ADD_PATH           69 /* draft-ietf-idr-add-paths-10 */
+#define BGP_CAPCODE_MP                  1 /* RFC2858 */
+#define BGP_CAPCODE_RR                  2 /* RFC2918 */
+#define BGP_CAPCODE_ORF                 3 /* RFC5291 */
+#define BGP_CAPCODE_MR                  4 /* RFC3107 */
+#define BGP_CAPCODE_EXT_NH              5 /* RFC5549 */
+#define BGP_CAPCODE_RESTART            64 /* RFC4724  */
+#define BGP_CAPCODE_AS_NEW             65 /* RFC6793 */
+#define BGP_CAPCODE_DYN_CAP            67 /* draft-ietf-idr-dynamic-cap */
+#define BGP_CAPCODE_MULTISESS          68 /* draft-ietf-idr-bgp-multisession */
+#define BGP_CAPCODE_ADD_PATH           69 /* RFC7911 */
+#define BGP_CAPCODE_ENH_RR             70 /* draft-keyur-bgp-enhanced-route-refresh */
 #define BGP_CAPCODE_RR_CISCO          128
 
 static const struct tok bgp_capcode_values[] = {
     { BGP_CAPCODE_MP,           "Multiprotocol Extensions"},
     { BGP_CAPCODE_RR,           "Route Refresh"},
     { BGP_CAPCODE_ORF,          "Cooperative Route Filtering"},
+    { BGP_CAPCODE_MR,           "Multiple Routes to a Destination"},
+    { BGP_CAPCODE_EXT_NH,       "Extended Next Hop Encoding"},
     { BGP_CAPCODE_RESTART,      "Graceful Restart"},
     { BGP_CAPCODE_AS_NEW,       "32-Bit AS Number"},
     { BGP_CAPCODE_DYN_CAP,      "Dynamic Capability"},
+    { BGP_CAPCODE_MULTISESS,    "Multisession BGP"},
     { BGP_CAPCODE_ADD_PATH,     "Multiple Paths"},
+    { BGP_CAPCODE_ENH_RR,       "Enhanced Route Refresh"},
     { BGP_CAPCODE_RR_CISCO,     "Route Refresh (Cisco)"},
     { 0, NULL}
 };
@@ -282,6 +305,13 @@ static const struct tok bgp_notify_minor_update_values[] = {
     { 0, NULL}
 };
 
+static const struct tok bgp_notify_minor_fsm_values[] = {
+    { 1,                        "In OpenSent State"},
+    { 2,                        "In OpenConfirm State"},
+    { 3,                        "In Established State"},
+    { 0, NULL }
+};
+
 static const struct tok bgp_notify_minor_cap_values[] = {
     { 1,                        "Invalid Action Value" },
     { 2,                        "Invalid Capability Length" },
@@ -328,25 +358,27 @@ static const struct tok bgp_aigp_values[] = {
     { 0, NULL}
 };
 
-
 /* Subsequent address family identifier, RFC2283 section 7 */
 #define SAFNUM_RES                      0
 #define SAFNUM_UNICAST                  1
 #define SAFNUM_MULTICAST                2
-#define SAFNUM_UNIMULTICAST             3
+#define SAFNUM_UNIMULTICAST             3       /* deprecated now */
 /* labeled BGP RFC3107 */
 #define SAFNUM_LABUNICAST               4
-/* draft-ietf-l3vpn-2547bis-mcast-bgp-02.txt */
+/* RFC6514 */
 #define SAFNUM_MULTICAST_VPN            5
-#define SAFNUM_TUNNEL                   64 /* XXX */
-#define SAFNUM_VPLS                     65 /* XXX */
-/* draft-nalawade-idr-mdt-safi-03 */
+/* draft-nalawade-kapoor-tunnel-safi */
+#define SAFNUM_TUNNEL                   64
+/* RFC4761 */
+#define SAFNUM_VPLS                     65
+/* RFC6037 */
 #define SAFNUM_MDT                      66
-/* Section 4.3.4 of draft-rosen-rfc2547bis-03.txt  */
+/* RFC4364 */
 #define SAFNUM_VPNUNICAST               128
+/* RFC6513 */
 #define SAFNUM_VPNMULTICAST             129
-#define SAFNUM_VPNUNIMULTICAST          130
-/* draft-marques-ppvpn-rt-constrain-01.txt */
+#define SAFNUM_VPNUNIMULTICAST          130     /* deprecated now */
+/* RFC4684 */
 #define SAFNUM_RT_ROUTING_INFO          132
 
 #define BGP_VPN_RD_LEN                  8
@@ -400,7 +432,6 @@ static const struct tok bgp_safi_values[] = {
 #define BGP_EXT_COM_L2VPN_RT_0  0x000a  /* L2VPN Identifier,Format AS(2bytes):AN(4bytes) */
 #define BGP_EXT_COM_L2VPN_RT_1  0xF10a  /* L2VPN Identifier,Format IP address:AN(2bytes) */
 
-
 /* http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a00801eb09a.shtml  */
 #define BGP_EXT_COM_EIGRP_GEN   0x8800
 #define BGP_EXT_COM_EIGRP_METRIC_AS_DELAY  0x8801
@@ -520,7 +551,7 @@ decode_prefix4(netdissect_options *ndo,
                ((u_char *)&addr)[plenbytes - 1] &=
                        ((0xff00 >> (plen % 8)) & 0xff);
        }
-       snprintf(buf, buflen, "%s/%d", getname(ndo, (u_char *)&addr), plen);
+       snprintf(buf, buflen, "%s/%d", ipaddr_string(ndo, &addr), plen);
        return 1 + plenbytes;
 
 trunc:
@@ -570,7 +601,7 @@ decode_labeled_prefix4(netdissect_options *ndo,
        }
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "%s/%d, label:%u %s",
-                 getname(ndo, (u_char *)&addr),
+                 ipaddr_string(ndo, &addr),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -603,12 +634,10 @@ bgp_vpn_ip_print(netdissect_options *ndo,
         ND_TCHECK2(pptr[0], sizeof(struct in_addr));
         snprintf(pos, sizeof(addr), "%s", ipaddr_string(ndo, pptr));
         break;
-#ifdef INET6
     case (sizeof(struct in6_addr) << 3): /* 128 */
         ND_TCHECK2(pptr[0], sizeof(struct in6_addr));
         snprintf(pos, sizeof(addr), "%s", ip6addr_string(ndo, pptr));
         break;
-#endif
     default:
         snprintf(pos, sizeof(addr), "bogus address length %u", addr_length);
         break;
@@ -679,7 +708,6 @@ trunc:
     return (total_length);
 }
 
-
 /* RDs and RTs share the same semantics
  * we use bgp_vpn_rd_print for
  * printing route targets inside a NLRI */
@@ -730,11 +758,18 @@ decode_rt_routing_info(netdissect_options *ndo,
 {
        uint8_t route_target[8];
        u_int plen;
+       char asbuf[sizeof(astostr)]; /* bgp_vpn_rd_print() overwrites astostr */
 
+       /* NLRI "prefix length" from RFC 2858 Section 4. */
        ND_TCHECK(pptr[0]);
        plen = pptr[0];   /* get prefix length */
 
+       /* NLRI "prefix" (ibid), valid lengths are { 0, 32, 33, ..., 96 } bits.
+        * RFC 4684 Section 4 defines the layout of "origin AS" and "route
+        * target" fields inside the "prefix" depending on its length.
+        */
        if (0 == plen) {
+               /* Without "origin AS", without "route target". */
                snprintf(buf, buflen, "default route target");
                return 1;
        }
@@ -742,20 +777,29 @@ decode_rt_routing_info(netdissect_options *ndo,
        if (32 > plen)
                return -1;
 
+       /* With at least "origin AS", possibly with "route target". */
+       ND_TCHECK_32BITS(pptr + 1);
+       as_printf(ndo, asbuf, sizeof(asbuf), EXTRACT_32BITS(pptr + 1));
+
         plen-=32; /* adjust prefix length */
 
        if (64 < plen)
                return -1;
 
+       /* From now on (plen + 7) / 8 evaluates to { 0, 1, 2, ..., 8 }
+        * and gives the number of octets in the variable-length "route
+        * target" field inside this NLRI "prefix". Look for it.
+        */
        memset(&route_target, 0, sizeof(route_target));
-       ND_TCHECK2(pptr[1], (plen + 7) / 8);
-       memcpy(&route_target, &pptr[1], (plen + 7) / 8);
+       ND_TCHECK2(pptr[5], (plen + 7) / 8);
+       memcpy(&route_target, &pptr[5], (plen + 7) / 8);
+       /* Which specification says to do this? */
        if (plen % 8) {
                ((u_char *)&route_target)[(plen + 7) / 8 - 1] &=
                        ((0xff00 >> (plen % 8)) & 0xff);
        }
        snprintf(buf, buflen, "origin AS: %s, route target %s",
-           as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr+1)),
+           asbuf,
            bgp_vpn_rd_print(ndo, (u_char *)&route_target));
 
        return 5 + (plen + 7) / 8;
@@ -792,7 +836,7 @@ decode_labeled_vpn_prefix4(netdissect_options *ndo,
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s",
                  bgp_vpn_rd_print(ndo, pptr+4),
-                 getname(ndo, (u_char *)&addr),
+                 ipaddr_string(ndo, &addr),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -869,6 +913,7 @@ static const struct tok bgp_multicast_vpn_route_type_values[] = {
     { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_ACTIVE, "Source-Active"},
     { BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN, "Shared Tree Join"},
     { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN, "Source Tree Join"},
+    { 0, NULL}
 };
 
 static int
@@ -933,13 +978,13 @@ decode_multicast_vpn(netdissect_options *ndo,
 
         case BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN: /* fall through */
         case BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN:
-            ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN);
+            ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN + 4);
             offset = strlen(buf);
            snprintf(buf + offset, buflen - offset, ", RD: %s, Source-AS %s",
                bgp_vpn_rd_print(ndo, pptr),
                as_printf(ndo, astostr, sizeof(astostr),
                EXTRACT_32BITS(pptr + BGP_VPN_RD_LEN)));
-            pptr += BGP_VPN_RD_LEN;
+            pptr += BGP_VPN_RD_LEN + 4;
 
             bgp_vpn_sg_print(ndo, pptr, buf, buflen);
             break;
@@ -968,21 +1013,21 @@ trunc:
  * the buffer would have overflowed; again, set buflen to 0 in
  * that case.
  */
-#define UPDATE_BUF_BUFLEN(buf, buflen, strlen) \
-    if (strlen<0) \
-               buflen=0; \
-    else if ((u_int)strlen>buflen) \
+#define UPDATE_BUF_BUFLEN(buf, buflen, stringlen) \
+    if (stringlen<0) \
+        buflen=0; \
+    else if ((u_int)stringlen>buflen) \
         buflen=0; \
     else { \
-        buflen-=strlen; \
-       buf+=strlen; \
+        buflen-=stringlen; \
+       buf+=stringlen; \
     }
 
 static int
 decode_labeled_vpn_l2(netdissect_options *ndo,
                       const u_char *pptr, char *buf, u_int buflen)
 {
-        int plen,tlen,strlen,tlv_type,tlv_len,ttlv_len;
+        int plen,tlen,stringlen,tlv_type,tlv_len,ttlv_len;
 
        ND_TCHECK2(pptr[0], 2);
         plen=EXTRACT_16BITS(pptr);
@@ -996,12 +1041,11 @@ decode_labeled_vpn_l2(netdissect_options *ndo,
            /* assume AD-only with RD, BGPNH */
            ND_TCHECK2(pptr[0],12);
            buf[0]='\0';
-           strlen=snprintf(buf, buflen, "RD: %s, BGPNH: %s",
-                           bgp_vpn_rd_print(ndo, pptr),
-                           /* need something like getname(ndo, ) here */
-                           getname(ndo, pptr+8)
-                           );
-           UPDATE_BUF_BUFLEN(buf, buflen, strlen);
+           stringlen=snprintf(buf, buflen, "RD: %s, BGPNH: %s",
+                              bgp_vpn_rd_print(ndo, pptr),
+                              ipaddr_string(ndo, pptr+8)
+                              );
+           UPDATE_BUF_BUFLEN(buf, buflen, stringlen);
            pptr+=12;
            tlen-=12;
            return plen;
@@ -1011,12 +1055,12 @@ decode_labeled_vpn_l2(netdissect_options *ndo,
 
            ND_TCHECK2(pptr[0],15);
            buf[0]='\0';
-           strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u",
-                           bgp_vpn_rd_print(ndo, pptr),
-                           EXTRACT_16BITS(pptr+8),
-                           EXTRACT_16BITS(pptr+10),
-                           EXTRACT_24BITS(pptr+12)>>4); /* the label is offsetted by 4 bits so lets shift it right */
-           UPDATE_BUF_BUFLEN(buf, buflen, strlen);
+           stringlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u",
+                              bgp_vpn_rd_print(ndo, pptr),
+                              EXTRACT_16BITS(pptr+8),
+                              EXTRACT_16BITS(pptr+10),
+                              EXTRACT_24BITS(pptr+12)>>4); /* the label is offsetted by 4 bits so lets shift it right */
+           UPDATE_BUF_BUFLEN(buf, buflen, stringlen);
            pptr+=15;
            tlen-=15;
 
@@ -1033,27 +1077,27 @@ decode_labeled_vpn_l2(netdissect_options *ndo,
                switch(tlv_type) {
                case 1:
                    if (buflen!=0) {
-                       strlen=snprintf(buf,buflen, "\n\t\tcircuit status vector (%u) length: %u: 0x",
-                                       tlv_type,
-                                       tlv_len);
-                       UPDATE_BUF_BUFLEN(buf, buflen, strlen);
+                       stringlen=snprintf(buf,buflen, "\n\t\tcircuit status vector (%u) length: %u: 0x",
+                                          tlv_type,
+                                          tlv_len);
+                       UPDATE_BUF_BUFLEN(buf, buflen, stringlen);
                    }
                    ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */
                    while (ttlv_len>0) {
                        ND_TCHECK(pptr[0]);
                        if (buflen!=0) {
-                           strlen=snprintf(buf,buflen, "%02x",*pptr++);
-                           UPDATE_BUF_BUFLEN(buf, buflen, strlen);
+                           stringlen=snprintf(buf,buflen, "%02x",*pptr++);
+                           UPDATE_BUF_BUFLEN(buf, buflen, stringlen);
                        }
                        ttlv_len--;
                    }
                    break;
                default:
                    if (buflen!=0) {
-                       strlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u, length: %u",
-                                       tlv_type,
-                                       tlv_len);
-                       UPDATE_BUF_BUFLEN(buf, buflen, strlen);
+                       stringlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u, length: %u",
+                                          tlv_type,
+                                          tlv_len);
+                       UPDATE_BUF_BUFLEN(buf, buflen, stringlen);
                    }
                    break;
                }
@@ -1071,7 +1115,6 @@ trunc:
         return -2;
 }
 
-#ifdef INET6
 int
 decode_prefix6(netdissect_options *ndo,
                const u_char *pd, u_int itemlen, char *buf, u_int buflen)
@@ -1095,7 +1138,7 @@ decode_prefix6(netdissect_options *ndo,
                addr.s6_addr[plenbytes - 1] &=
                        ((0xff00 >> (plen % 8)) & 0xff);
        }
-       snprintf(buf, buflen, "%s/%d", getname6(ndo, (u_char *)&addr), plen);
+       snprintf(buf, buflen, "%s/%d", ip6addr_string(ndo, &addr), plen);
        return 1 + plenbytes;
 
 trunc:
@@ -1136,7 +1179,7 @@ decode_labeled_prefix6(netdissect_options *ndo,
        }
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "%s/%d, label:%u %s",
-                 getname6(ndo, (u_char *)&addr),
+                 ip6addr_string(ndo, &addr),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -1178,7 +1221,7 @@ decode_labeled_vpn_prefix6(netdissect_options *ndo,
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s",
                  bgp_vpn_rd_print(ndo, pptr+4),
-                 getname6(ndo, (u_char *)&addr),
+                 ip6addr_string(ndo, &addr),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -1188,7 +1231,6 @@ decode_labeled_vpn_prefix6(netdissect_options *ndo,
 trunc:
        return -2;
 }
-#endif
 
 static int
 decode_clnp_prefix(netdissect_options *ndo,
@@ -1211,7 +1253,7 @@ decode_clnp_prefix(netdissect_options *ndo,
                        ((0xff00 >> (plen % 8)) & 0xff);
        }
        snprintf(buf, buflen, "%s/%d",
-                 isonsap_string(addr,(plen + 7) / 8),
+                 isonsap_string(ndo, addr,(plen + 7) / 8),
                  plen);
 
        return 1 + (plen + 7) / 8;
@@ -1248,7 +1290,7 @@ decode_labeled_vpn_clnp_prefix(netdissect_options *ndo,
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s",
                  bgp_vpn_rd_print(ndo, pptr+4),
-                 isonsap_string(addr,(plen + 7) / 8),
+                 isonsap_string(ndo, addr,(plen + 7) / 8),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -1319,7 +1361,7 @@ trunc:
 
 static int
 bgp_attr_print(netdissect_options *ndo,
-               u_int atype, const u_char *pptr, u_int len)
+               u_int atype, const u_char *pptr, u_int len, const unsigned attr_set_level)
 {
        int i;
        uint16_t af;
@@ -1349,7 +1391,6 @@ bgp_attr_print(netdissect_options *ndo,
                }
                break;
 
-
         /*
          * Process AS4 byte path and AS2 byte path attributes here.
          */
@@ -1378,6 +1419,7 @@ bgp_attr_print(netdissect_options *ndo,
                        ND_TCHECK(tptr[0]);
                         ND_PRINT((ndo, "%s", tok2str(bgp_as_path_segment_open_values,
                                                "?", tptr[0])));
+                       ND_TCHECK(tptr[1]);
                         for (i = 0; i < tptr[1] * as_size; i += as_size) {
                             ND_TCHECK2(tptr[2 + i], as_size);
                            ND_PRINT((ndo, "%s ",
@@ -1398,7 +1440,7 @@ bgp_attr_print(netdissect_options *ndo,
                        ND_PRINT((ndo, "invalid len"));
                else {
                        ND_TCHECK2(tptr[0], 4);
-                       ND_PRINT((ndo, "%s", getname(ndo, tptr)));
+                       ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr)));
                }
                break;
        case BGPTYPE_MULTI_EXIT_DISC:
@@ -1428,11 +1470,11 @@ bgp_attr_print(netdissect_options *ndo,
                 if (len == 6) {
                    ND_PRINT((ndo, " AS #%s, origin %s",
                        as_printf(ndo, astostr, sizeof(astostr), EXTRACT_16BITS(tptr)),
-                       getname(ndo, tptr + 2)));
+                       ipaddr_string(ndo, tptr + 2)));
                 } else {
                    ND_PRINT((ndo, " AS #%s, origin %s",
                        as_printf(ndo, astostr, sizeof(astostr),
-                       EXTRACT_32BITS(tptr)), getname(ndo, tptr + 4)));
+                       EXTRACT_32BITS(tptr)), ipaddr_string(ndo, tptr + 4)));
                 }
                 break;
        case BGPTYPE_AGGREGATOR4:
@@ -1442,8 +1484,8 @@ bgp_attr_print(netdissect_options *ndo,
                }
                ND_TCHECK2(tptr[0], 8);
                ND_PRINT((ndo, " AS #%s, origin %s",
-                   as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)),
-                   getname(ndo, tptr + 4)));
+                   as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)),
+                   ipaddr_string(ndo, tptr + 4)));
                break;
        case BGPTYPE_COMMUNITIES:
                if (len % 4) {
@@ -1481,7 +1523,7 @@ bgp_attr_print(netdissect_options *ndo,
                        break;
                }
                ND_TCHECK2(tptr[0], 4);
-                ND_PRINT((ndo, "%s",getname(ndo, tptr)));
+                ND_PRINT((ndo, "%s",ipaddr_string(ndo, tptr)));
                 break;
         case BGPTYPE_CLUSTER_LIST:
                if (len % 4) {
@@ -1491,7 +1533,7 @@ bgp_attr_print(netdissect_options *ndo,
                 while (tlen>0) {
                        ND_TCHECK2(tptr[0], 4);
                         ND_PRINT((ndo, "%s%s",
-                               getname(ndo, tptr),
+                               ipaddr_string(ndo, tptr),
                                 (tlen>4) ? ", " : ""));
                         tlen -=4;
                         tptr +=4;
@@ -1520,7 +1562,6 @@ bgp_attr_print(netdissect_options *ndo,
                 case (AFNUM_INET<<8 | SAFNUM_VPNUNIMULTICAST):
                 case (AFNUM_INET<<8 | SAFNUM_MULTICAST_VPN):
                case (AFNUM_INET<<8 | SAFNUM_MDT):
-#ifdef INET6
                 case (AFNUM_INET6<<8 | SAFNUM_UNICAST):
                 case (AFNUM_INET6<<8 | SAFNUM_MULTICAST):
                 case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST):
@@ -1528,7 +1569,6 @@ bgp_attr_print(netdissect_options *ndo,
                 case (AFNUM_INET6<<8 | SAFNUM_VPNUNICAST):
                 case (AFNUM_INET6<<8 | SAFNUM_VPNMULTICAST):
                 case (AFNUM_INET6<<8 | SAFNUM_VPNUNIMULTICAST):
-#endif
                 case (AFNUM_NSAP<<8 | SAFNUM_UNICAST):
                 case (AFNUM_NSAP<<8 | SAFNUM_MULTICAST):
                 case (AFNUM_NSAP<<8 | SAFNUM_UNIMULTICAST):
@@ -1576,7 +1616,7 @@ bgp_attr_print(netdissect_options *ndo,
                                 tlen = 0;
                             } else {
                                 ND_TCHECK2(tptr[0], sizeof(struct in_addr));
-                                ND_PRINT((ndo, "%s",getname(ndo, tptr)));
+                                ND_PRINT((ndo, "%s",ipaddr_string(ndo, tptr)));
                                 tlen -= sizeof(struct in_addr);
                                 tptr += sizeof(struct in_addr);
                             }
@@ -1591,12 +1631,11 @@ bgp_attr_print(netdissect_options *ndo,
                                 ND_TCHECK2(tptr[0], sizeof(struct in_addr)+BGP_VPN_RD_LEN);
                                 ND_PRINT((ndo, "RD: %s, %s",
                                        bgp_vpn_rd_print(ndo, tptr),
-                                       getname(ndo, tptr+BGP_VPN_RD_LEN)));
+                                       ipaddr_string(ndo, tptr+BGP_VPN_RD_LEN)));
                                 tlen -= (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
                                 tptr += (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
                             }
                             break;
-#ifdef INET6
                         case (AFNUM_INET6<<8 | SAFNUM_UNICAST):
                         case (AFNUM_INET6<<8 | SAFNUM_MULTICAST):
                         case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST):
@@ -1606,7 +1645,7 @@ bgp_attr_print(netdissect_options *ndo,
                                 tlen = 0;
                             } else {
                                 ND_TCHECK2(tptr[0], sizeof(struct in6_addr));
-                                ND_PRINT((ndo, "%s", getname6(ndo, tptr)));
+                                ND_PRINT((ndo, "%s", ip6addr_string(ndo, tptr)));
                                 tlen -= sizeof(struct in6_addr);
                                 tptr += sizeof(struct in6_addr);
                             }
@@ -1621,12 +1660,11 @@ bgp_attr_print(netdissect_options *ndo,
                                 ND_TCHECK2(tptr[0], sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
                                 ND_PRINT((ndo, "RD: %s, %s",
                                        bgp_vpn_rd_print(ndo, tptr),
-                                       getname6(ndo, tptr+BGP_VPN_RD_LEN)));
+                                       ip6addr_string(ndo, tptr+BGP_VPN_RD_LEN)));
                                 tlen -= (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
                                 tptr += (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
                             }
                             break;
-#endif
                         case (AFNUM_VPLS<<8 | SAFNUM_VPLS):
                         case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST):
                         case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST):
@@ -1636,7 +1674,7 @@ bgp_attr_print(netdissect_options *ndo,
                                 tlen = 0;
                             } else {
                                 ND_TCHECK2(tptr[0], sizeof(struct in_addr));
-                                ND_PRINT((ndo, "%s", getname(ndo, tptr)));
+                                ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr)));
                                 tlen -= (sizeof(struct in_addr));
                                 tptr += (sizeof(struct in_addr));
                             }
@@ -1645,7 +1683,7 @@ bgp_attr_print(netdissect_options *ndo,
                         case (AFNUM_NSAP<<8 | SAFNUM_MULTICAST):
                         case (AFNUM_NSAP<<8 | SAFNUM_UNIMULTICAST):
                             ND_TCHECK2(tptr[0], tlen);
-                            ND_PRINT((ndo, "%s", isonsap_string(tptr, tlen)));
+                            ND_PRINT((ndo, "%s", isonsap_string(ndo, tptr, tlen)));
                             tptr += tlen;
                             tlen = 0;
                             break;
@@ -1660,15 +1698,15 @@ bgp_attr_print(netdissect_options *ndo,
                                 ND_TCHECK2(tptr[0], tlen);
                                 ND_PRINT((ndo, "RD: %s, %s",
                                        bgp_vpn_rd_print(ndo, tptr),
-                                       isonsap_string(tptr+BGP_VPN_RD_LEN,tlen-BGP_VPN_RD_LEN)));
+                                       isonsap_string(ndo, tptr+BGP_VPN_RD_LEN,tlen-BGP_VPN_RD_LEN)));
                                 /* rfc986 mapped IPv4 address ? */
-                                if (EXTRACT_32BITS(tptr+BGP_VPN_RD_LEN) ==  0x47000601)
-                                    ND_PRINT((ndo, " = %s", getname(ndo, tptr+BGP_VPN_RD_LEN+4)));
-#ifdef INET6
+                                if (tlen == BGP_VPN_RD_LEN + 4 + sizeof(struct in_addr)
+                                    && EXTRACT_32BITS(tptr+BGP_VPN_RD_LEN) ==  0x47000601)
+                                    ND_PRINT((ndo, " = %s", ipaddr_string(ndo, tptr+BGP_VPN_RD_LEN+4)));
                                 /* rfc1888 mapped IPv6 address ? */
-                                else if (EXTRACT_24BITS(tptr+BGP_VPN_RD_LEN) ==  0x350000)
-                                    ND_PRINT((ndo, " = %s", getname6(ndo, tptr+BGP_VPN_RD_LEN+3)));
-#endif
+                                else if (tlen == BGP_VPN_RD_LEN + 3 + sizeof(struct in6_addr)
+                                         && EXTRACT_24BITS(tptr+BGP_VPN_RD_LEN) ==  0x350000)
+                                    ND_PRINT((ndo, " = %s", ip6addr_string(ndo, tptr+BGP_VPN_RD_LEN+3)));
                                 tptr += tlen;
                                 tlen = 0;
                             }
@@ -1703,7 +1741,7 @@ bgp_attr_print(netdissect_options *ndo,
                        ND_PRINT((ndo, ", no SNPA"));
                 }
 
-               while (len - (tptr - pptr) > 0) {
+               while (tptr < pptr + len) {
                     switch (af<<8 | safi) {
                     case (AFNUM_INET<<8 | SAFNUM_UNICAST):
                     case (AFNUM_INET<<8 | SAFNUM_MULTICAST):
@@ -1769,7 +1807,6 @@ bgp_attr_print(netdissect_options *ndo,
                         else
                             ND_PRINT((ndo, "\n\t      %s", buf));
                       break;
-#ifdef INET6
                     case (AFNUM_INET6<<8 | SAFNUM_UNICAST):
                     case (AFNUM_INET6<<8 | SAFNUM_MULTICAST):
                     case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST):
@@ -1805,7 +1842,6 @@ bgp_attr_print(netdissect_options *ndo,
                         else
                             ND_PRINT((ndo, "\n\t      %s", buf));
                         break;
-#endif
                     case (AFNUM_VPLS<<8 | SAFNUM_VPLS):
                     case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST):
                     case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST):
@@ -1873,7 +1909,7 @@ bgp_attr_print(netdissect_options *ndo,
 
                tptr += 3;
 
-               while (len - (tptr - pptr) > 0) {
+               while (tptr < pptr + len) {
                     switch (af<<8 | safi) {
                     case (AFNUM_INET<<8 | SAFNUM_UNICAST):
                     case (AFNUM_INET<<8 | SAFNUM_MULTICAST):
@@ -1910,7 +1946,6 @@ bgp_attr_print(netdissect_options *ndo,
                         else
                             ND_PRINT((ndo, "\n\t      %s", buf));
                         break;
-#ifdef INET6
                     case (AFNUM_INET6<<8 | SAFNUM_UNICAST):
                     case (AFNUM_INET6<<8 | SAFNUM_MULTICAST):
                     case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST):
@@ -1946,7 +1981,6 @@ bgp_attr_print(netdissect_options *ndo,
                         else
                             ND_PRINT((ndo, "\n\t      %s", buf));
                         break;
-#endif
                     case (AFNUM_VPLS<<8 | SAFNUM_VPLS):
                     case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST):
                     case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST):
@@ -2040,14 +2074,14 @@ bgp_attr_print(netdissect_options *ndo,
                         ND_PRINT((ndo, ": %u:%u (= %s)",
                                EXTRACT_16BITS(tptr+2),
                                EXTRACT_32BITS(tptr+4),
-                               getname(ndo, tptr+4)));
+                               ipaddr_string(ndo, tptr+4)));
                         break;
                     case BGP_EXT_COM_RT_1:
                     case BGP_EXT_COM_RO_1:
                     case BGP_EXT_COM_L2VPN_RT_1:
                     case BGP_EXT_COM_VRF_RT_IMP:
                         ND_PRINT((ndo, ": %s:%u",
-                               getname(ndo, tptr+2),
+                               ipaddr_string(ndo, tptr+2),
                                EXTRACT_16BITS(tptr+6)));
                         break;
                     case BGP_EXT_COM_RT_2:
@@ -2067,12 +2101,12 @@ bgp_attr_print(netdissect_options *ndo,
                     case BGP_EXT_COM_VPN_ORIGIN4:
                     case BGP_EXT_COM_OSPF_RID:
                     case BGP_EXT_COM_OSPF_RID2:
-                        ND_PRINT((ndo, "%s", getname(ndo, tptr+2)));
+                        ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr+2)));
                         break;
                     case BGP_EXT_COM_OSPF_RTYPE:
                     case BGP_EXT_COM_OSPF_RTYPE2:
                         ND_PRINT((ndo, ": area:%s, router-type:%s, metric-type:%s%s",
-                               getname(ndo, tptr+2),
+                               ipaddr_string(ndo, tptr+2),
                                tok2str(bgp_extd_comm_ospf_rtype_values,
                                          "unknown (0x%02x)",
                                          *(tptr+6)),
@@ -2104,11 +2138,11 @@ bgp_attr_print(netdissect_options *ndo,
         {
                 uint8_t tunnel_type, flags;
 
+                ND_TCHECK2(tptr[0], 5);
                 tunnel_type = *(tptr+1);
                 flags = *tptr;
                 tlen = len;
 
-                ND_TCHECK2(tptr[0], 5);
                 ND_PRINT((ndo, "\n\t    Tunnel-type %s (%u), Flags [%s], MPLS Label %u",
                        tok2str(bgp_pmsi_tunnel_values, "Unknown", tunnel_type),
                        tunnel_type,
@@ -2160,39 +2194,45 @@ bgp_attr_print(netdissect_options *ndo,
         }
        case BGPTYPE_AIGP:
        {
-               u_int8_t type;
-               u_int16_t length;
-
-               ND_TCHECK2(tptr[0], 3);
+               uint8_t type;
+               uint16_t length;
 
                tlen = len;
 
                while (tlen >= 3) {
 
+                   ND_TCHECK2(tptr[0], 3);
+
                    type = *tptr;
                    length = EXTRACT_16BITS(tptr+1);
+                   tptr += 3;
+                   tlen -= 3;
 
                    ND_PRINT((ndo, "\n\t    %s TLV (%u), length %u",
                              tok2str(bgp_aigp_values, "Unknown", type),
                              type, length));
 
+                   if (length < 3)
+                       goto trunc;
+                   length -= 3;
 
                    /*
                     * Check if we can read the TLV data.
                     */
-                   ND_TCHECK2(tptr[3], length - 3);
+                   ND_TCHECK2(tptr[3], length);
 
                    switch (type) {
 
                    case BGP_AIGP_TLV:
-                       ND_TCHECK2(tptr[3], 8);
+                       if (length < 8)
+                           goto trunc;
                        ND_PRINT((ndo, ", metric %" PRIu64,
-                                 EXTRACT_64BITS(tptr+3)));
+                                 EXTRACT_64BITS(tptr)));
                        break;
 
                    default:
                        if (ndo->ndo_vflag <= 1) {
-                           print_unknown_data(ndo, tptr+3,"\n\t      ", length-3);
+                           print_unknown_data(ndo, tptr,"\n\t      ", length);
                        }
                    }
 
@@ -2211,7 +2251,7 @@ bgp_attr_print(netdissect_options *ndo,
                 len -=4;
 
                 while (len) {
-                    u_int aflags, atype, alenlen, alen;
+                    u_int aflags, alenlen, alen;
 
                     ND_TCHECK2(tptr[0], 2);
                     if (len < 2)
@@ -2244,15 +2284,39 @@ bgp_attr_print(netdissect_options *ndo,
                             ND_PRINT((ndo, "+%x", aflags & 0xf));
                         ND_PRINT((ndo, "]: "));
                     }
-                    /* FIXME check for recursion */
-                    if (!bgp_attr_print(ndo, atype, tptr, alen))
+                    /* The protocol encoding per se allows ATTR_SET to be nested as many times
+                     * as the message can accommodate. This printer used to be able to recurse
+                     * into ATTR_SET contents until the stack exhaustion, but now there is a
+                     * limit on that (if live protocol exchange goes that many levels deep,
+                     * something is probably wrong anyway). Feel free to refine this value if
+                     * you can find the spec with respective normative text.
+                     */
+                    if (attr_set_level == 10)
+                        ND_PRINT((ndo, "(too many nested levels, not recursing)"));
+                    else if (!bgp_attr_print(ndo, atype, tptr, alen, attr_set_level + 1))
                         return 0;
                     tptr += alen;
                     len -= alen;
                }
                 break;
 
-
+       case BGPTYPE_LARGE_COMMUNITY:
+               if (len == 0 || len % 12) {
+                       ND_PRINT((ndo, "invalid len"));
+                       break;
+               }
+               ND_PRINT((ndo, "\n\t    "));
+               while (len > 0) {
+                       ND_TCHECK2(*tptr, 12);
+                       ND_PRINT((ndo, "%u:%u:%u%s",
+                                EXTRACT_32BITS(tptr),
+                                EXTRACT_32BITS(tptr + 4),
+                                EXTRACT_32BITS(tptr + 8),
+                                (len > 12) ? ", " : ""));
+                        tptr += 12;
+                        len -= 12;
+               }
+               break;
        default:
            ND_TCHECK2(*pptr,len);
             ND_PRINT((ndo, "\n\t    no Attribute %u decoder", atype)); /* we have no decoder for the attribute */
@@ -2290,6 +2354,8 @@ bgp_capabilities_print(netdissect_options *ndo,
                 ND_TCHECK2(opt[i+2], cap_len);
                 switch (cap_type) {
                 case BGP_CAPCODE_MP:
+                    /* AFI (16 bits), Reserved (8 bits), SAFI (8 bits) */
+                    ND_TCHECK_8BITS(opt + i + 5);
                     ND_PRINT((ndo, "\n\t\tAFI %s (%u), SAFI %s (%u)",
                            tok2str(af_values, "Unknown",
                                       EXTRACT_16BITS(opt+i+2)),
@@ -2299,12 +2365,15 @@ bgp_capabilities_print(netdissect_options *ndo,
                            opt[i+5]));
                     break;
                 case BGP_CAPCODE_RESTART:
+                    /* Restart Flags (4 bits), Restart Time in seconds (12 bits) */
+                    ND_TCHECK_16BITS(opt + i + 2);
                     ND_PRINT((ndo, "\n\t\tRestart Flags: [%s], Restart Time %us",
                            ((opt[i+2])&0x80) ? "R" : "none",
                            EXTRACT_16BITS(opt+i+2)&0xfff));
                     tcap_len-=2;
                     cap_offset=4;
                     while(tcap_len>=4) {
+                        ND_TCHECK_8BITS(opt + i + cap_offset + 3);
                         ND_PRINT((ndo, "\n\t\t  AFI %s (%u), SAFI %s (%u), Forwarding state preserved: %s",
                                tok2str(af_values,"Unknown",
                                           EXTRACT_16BITS(opt+i+cap_offset)),
@@ -2339,7 +2408,7 @@ bgp_capabilities_print(netdissect_options *ndo,
                     }
                     while (tcap_len > 0) {
                         if (tcap_len < 4) {
-                            ND_PRINT((ndo, "\n\t\t(malformed)"));
+                            ND_PRINT((ndo, "\n\t\t(invalid)"));
                             break;
                         }
                         ND_PRINT((ndo, "\n\t\tAFI %s (%u), SAFI %s (%u), Send/Receive: %s",
@@ -2368,7 +2437,7 @@ bgp_capabilities_print(netdissect_options *ndo,
         return;
 
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static void
@@ -2387,7 +2456,7 @@ bgp_open_print(netdissect_options *ndo,
        ND_PRINT((ndo, "my AS %s, ",
            as_printf(ndo, astostr, sizeof(astostr), ntohs(bgpo.bgpo_myas))));
        ND_PRINT((ndo, "Holdtime %us, ", ntohs(bgpo.bgpo_holdtime)));
-       ND_PRINT((ndo, "ID %s", getname(ndo, (u_char *)&bgpo.bgpo_id)));
+       ND_PRINT((ndo, "ID %s", ipaddr_string(ndo, &bgpo.bgpo_id)));
        ND_PRINT((ndo, "\n\t  Optional parameters, length: %u", bgpo.bgpo_optlen));
 
         /* some little sanity checking */
@@ -2431,7 +2500,7 @@ bgp_open_print(netdissect_options *ndo,
        }
        return;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static void
@@ -2443,10 +2512,6 @@ bgp_update_print(netdissect_options *ndo,
        int withdrawn_routes_len;
        int len;
        int i;
-#ifndef INET6
-       char buf[MAXHOSTNAMELEN + 100];
-       int wpfx;
-#endif
 
        ND_TCHECK2(dat[0], BGP_SIZE);
        if (length < BGP_SIZE)
@@ -2471,36 +2536,9 @@ bgp_update_print(netdissect_options *ndo,
                ND_TCHECK2(p[0], withdrawn_routes_len);
                if (length < withdrawn_routes_len)
                        goto trunc;
-#ifdef INET6
                ND_PRINT((ndo, "\n\t  Withdrawn routes: %d bytes", withdrawn_routes_len));
                p += withdrawn_routes_len;
                length -= withdrawn_routes_len;
-#else
-               if (withdrawn_routes_len < 2)
-                       goto trunc;
-               length -= 2;
-               withdrawn_routes_len -= 2;
-
-
-               ND_PRINT((ndo, "\n\t  Withdrawn routes:"));
-
-               while(withdrawn_routes_len > 0) {
-                       wpfx = decode_prefix4(ndo, p, withdrawn_routes_len, buf, sizeof(buf));
-                       if (wpfx == -1) {
-                               ND_PRINT((ndo, "\n\t    (illegal prefix length)"));
-                               break;
-                       } else if (wpfx == -2)
-                               goto trunc;
-                       else if (wpfx == -3)
-                               goto trunc; /* bytes left, but not enough */
-                       else {
-                               ND_PRINT((ndo, "\n\t    %s", buf));
-                               p += wpfx;
-                               length -= wpfx;
-                               withdrawn_routes_len -= wpfx;
-                       }
-               }
-#endif
        }
 
        ND_TCHECK2(p[0], 2);
@@ -2562,7 +2600,7 @@ bgp_update_print(netdissect_options *ndo,
                                goto trunc;
                        if (length < alen)
                                goto trunc;
-                       if (!bgp_attr_print(ndo, atype, p, alen))
+                       if (!bgp_attr_print(ndo, atype, p, alen, 0))
                                goto trunc;
                        p += alen;
                        len -= alen;
@@ -2599,7 +2637,7 @@ bgp_update_print(netdissect_options *ndo,
        }
        return;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static void
@@ -2641,11 +2679,18 @@ bgp_notification_print(netdissect_options *ndo,
                              bgpn.bgpn_minor),
                   bgpn.bgpn_minor));
             break;
+        case BGP_NOTIFY_MAJOR_FSM:
+            ND_PRINT((ndo, " subcode %s (%u)",
+                  tok2str(bgp_notify_minor_fsm_values, "Unknown",
+                             bgpn.bgpn_minor),
+                  bgpn.bgpn_minor));
+            break;
         case BGP_NOTIFY_MAJOR_CAP:
             ND_PRINT((ndo, " subcode %s (%u)",
                   tok2str(bgp_notify_minor_cap_values, "Unknown",
                              bgpn.bgpn_minor),
                   bgpn.bgpn_minor));
+            break;
         case BGP_NOTIFY_MAJOR_CEASE:
             ND_PRINT((ndo, ", subcode %s (%u)",
                   tok2str(bgp_notify_minor_cease_values, "Unknown",
@@ -2673,7 +2718,7 @@ bgp_notification_print(netdissect_options *ndo,
 
        return;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static void
@@ -2707,7 +2752,7 @@ bgp_route_refresh_print(netdissect_options *ndo,
 
         return;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static int
@@ -2747,7 +2792,7 @@ bgp_header_print(netdissect_options *ndo,
        }
        return 1;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
        return 0;
 }
 
@@ -2796,7 +2841,7 @@ bgp_print(netdissect_options *ndo,
                memcpy(&bgp, p, BGP_SIZE);
 
                if (start != p)
-                       ND_PRINT((ndo, " [|BGP]"));
+                       ND_PRINT((ndo, " %s", tstr));
 
                hlen = ntohs(bgp.bgp_len);
                if (hlen < BGP_SIZE) {
@@ -2822,7 +2867,7 @@ bgp_print(netdissect_options *ndo,
        return;
 
 trunc:
-       ND_PRINT((ndo, " [|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 /*
[mirror] the TCPdump network dissector