]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-bgp.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add tracefiles for infinite loop testing
[tcpdump] / print-bgp.c
diff --git a/print-bgp.c b/print-bgp.c
index f9048713604eba8640af488913b567ef0fd1d88f..08908019f8845fa3d9ffcdfcc16bb254cedc1b5c 100644 (file)
--- a/print-bgp.c
+++ b/print-bgp.c
@@ -35,8 +35,8 @@
 #endif
 
 #ifndef lint
-static const char rcsid[] =
-     "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.53 2002-10-11 13:09:51 hannes Exp $";
+static const char rcsid[] _U_ =
+     "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.72.2.5 2005-04-27 18:42:28 hannes Exp $";
 #endif
 
 #include <tcpdump-stdinc.h>
@@ -96,7 +96,6 @@ struct bgp_notification {
        u_int8_t bgpn_type;
        u_int8_t bgpn_major;
        u_int8_t bgpn_minor;
-       /* data should follow */
 };
 #define BGP_NOTIFICATION_SIZE          21      /* unaligned */
 
@@ -119,7 +118,7 @@ struct bgp_attr {
        } bgpa_len;
 #define bgp_attr_len(p) \
        (((p)->bgpa_flags & 0x10) ? \
-               ntohs((p)->bgpa_len.elen) : (p)->bgpa_len.len)
+               EXTRACT_16BITS(&(p)->bgpa_len.elen) : (p)->bgpa_len.len)
 #define bgp_attr_off(p) \
        (((p)->bgpa_flags & 0x10) ? 4 : 3)
 };
@@ -162,6 +161,27 @@ static struct tok bgp_attr_values[] = {
     { 0, NULL}
 };
 
+#define BGP_AS_SET             1
+#define BGP_AS_SEQUENCE        2
+#define BGP_CONFED_AS_SEQUENCE 3 /* draft-ietf-idr-rfc3065bis-01 */
+#define BGP_CONFED_AS_SET      4 /* draft-ietf-idr-rfc3065bis-01  */
+
+static struct tok bgp_as_path_segment_open_values[] = {
+    { BGP_AS_SEQUENCE,         ""},
+    { BGP_AS_SET,              "{ "},
+    { BGP_CONFED_AS_SEQUENCE,  "( "},
+    { BGP_CONFED_AS_SET,       "({ "},
+    { 0, NULL}
+};
+
+static struct tok bgp_as_path_segment_close_values[] = {
+    { BGP_AS_SEQUENCE,         ""},
+    { BGP_AS_SET,              "}"},
+    { BGP_CONFED_AS_SEQUENCE,  ")"},
+    { BGP_CONFED_AS_SET,       "})"},
+    { 0, NULL}
+};
+
 #define BGP_OPT_AUTH                    1
 #define BGP_OPT_CAP                     2
 
@@ -191,6 +211,7 @@ static struct tok bgp_capcode_values[] = {
 #define BGP_NOTIFY_MAJOR_HOLDTIME       4
 #define BGP_NOTIFY_MAJOR_FSM            5
 #define BGP_NOTIFY_MAJOR_CEASE          6
+#define BGP_NOTIFY_MAJOR_CAP            7
 
 static struct tok bgp_notify_major_values[] = {
     { BGP_NOTIFY_MAJOR_MSG,     "Message Header Error"},
@@ -199,6 +220,20 @@ static struct tok bgp_notify_major_values[] = {
     { BGP_NOTIFY_MAJOR_HOLDTIME,"Hold Timer Expired"},
     { BGP_NOTIFY_MAJOR_FSM,     "Finite State Machine Error"},
     { BGP_NOTIFY_MAJOR_CEASE,   "Cease"},
+    { BGP_NOTIFY_MAJOR_CAP,     "Capability Message Error"},
+    { 0, NULL}
+};
+
+/* draft-ietf-idr-cease-subcode-02 */
+#define BGP_NOTIFY_MINOR_CEASE_MAXPRFX  1
+static struct tok bgp_notify_minor_cease_values[] = {
+    { BGP_NOTIFY_MINOR_CEASE_MAXPRFX, "Maximum Number of Prefixes Reached"},
+    { 2,                        "Administratively Shutdown"},
+    { 3,                        "Peer Unconfigured"},
+    { 4,                        "Administratively Reset"},
+    { 5,                        "Connection Rejected"},
+    { 6,                        "Other Configuration Change"},
+    { 7,                        "Connection Collision Resolution"},
     { 0, NULL}
 };
 
@@ -234,6 +269,14 @@ static struct tok bgp_notify_minor_update_values[] = {
     { 0, NULL}
 };
 
+static struct tok bgp_notify_minor_cap_values[] = {
+    { 1,                        "Invalid Action Value" },
+    { 2,                        "Invalid Capability Length" },
+    { 3,                        "Malformed Capability Value" },
+    { 4,                        "Unsupported Capability Code" },
+    { 0, NULL }
+};
+
 static struct tok bgp_origin_values[] = {
     { 0,                        "IGP"},
     { 1,                        "EGP"},
@@ -252,6 +295,8 @@ static struct tok bgp_origin_values[] = {
 #define SAFNUM_VPNUNICAST               128
 #define SAFNUM_VPNMULTICAST             129
 #define SAFNUM_VPNUNIMULTICAST          130
+/* draft-marques-ppvpn-rt-constrain-01.txt */
+#define SAFNUM_RT_ROUTING_INFO          132
 
 #define BGP_VPN_RD_LEN                  8
 
@@ -264,6 +309,7 @@ static struct tok bgp_safi_values[] = {
     { SAFNUM_VPNUNICAST,        "labeled VPN Unicast"},
     { SAFNUM_VPNMULTICAST,      "labeled VPN Multicast"},
     { SAFNUM_VPNUNIMULTICAST,   "labeled VPN Unicast+Multicast"},
+    { SAFNUM_RT_ROUTING_INFO,   "Route Target Routing Information"},
     { 0, NULL }
 };
 
@@ -312,29 +358,52 @@ static struct tok bgp_afi_values[] = {
     { 0, NULL},
 };
 
-/* Extended community type - draft-ramachandra-bgp-ext-communities */
+/* Extended community type - draft-ietf-idr-bgp-ext-communities-05 */
 #define BGP_EXT_COM_RT_0        0x0002  /* Route Target,Format AS(2bytes):AN(4bytes) */
 #define BGP_EXT_COM_RT_1        0x0102  /* Route Target,Format IP address:AN(2bytes) */
+#define BGP_EXT_COM_RT_2        0x0202  /* Route Target,Format AN(4bytes):local(2bytes) */
 #define BGP_EXT_COM_RO_0        0x0003  /* Route Origin,Format AS(2bytes):AN(4bytes) */
 #define BGP_EXT_COM_RO_1        0x0103  /* Route Origin,Format IP address:AN(2bytes) */
+#define BGP_EXT_COM_RO_2        0x0203  /* Route Origin,Format AN(4bytes):local(2bytes) */
 #define BGP_EXT_COM_LINKBAND    0x4004  /* Link Bandwidth,Format AS(2B):Bandwidth(4B) */
                                         /* rfc2547 bgp-mpls-vpns */
-#define BGP_EXT_COM_VPN_ORIGIN  0x0005  /* OSPF Domain ID / VPN of Origin  */
-                                        /* draft-rosen-vpns-ospf-bgp-mpls */
-#define BGP_EXT_COM_OSPF_RTYPE  0x8000  /* OSPF Route Type,Format Area(4B):RouteType(1B):Options(1B) */
-#define BGP_EXT_COM_OSPF_RID    0x8001  /* OSPF Router ID,Format RouterID(4B):Unused(2B) */
+
+#define BGP_EXT_COM_VPN_ORIGIN  0x0005  /* OSPF Domain ID / VPN of Origin  - draft-rosen-vpns-ospf-bgp-mpls */
+#define BGP_EXT_COM_VPN_ORIGIN2 0x0105  /* duplicate - keep for backwards compatability */
+#define BGP_EXT_COM_VPN_ORIGIN3 0x0205  /* duplicate - keep for backwards compatability */
+#define BGP_EXT_COM_VPN_ORIGIN4 0x8005  /* duplicate - keep for backwards compatability */
+
+#define BGP_EXT_COM_OSPF_RTYPE  0x0306  /* OSPF Route Type,Format Area(4B):RouteType(1B):Options(1B) */
+#define BGP_EXT_COM_OSPF_RTYPE2 0x8000  /* duplicate - keep for backwards compatability */
+
+#define BGP_EXT_COM_OSPF_RID    0x0107  /* OSPF Router ID,Format RouterID(4B):Unused(2B) */
+#define BGP_EXT_COM_OSPF_RID2   0x8001  /* duplicate - keep for backwards compatability */ 
+
 #define BGP_EXT_COM_L2INFO      0x800a  /* draft-kompella-ppvpn-l2vpn */
 
+static struct tok bgp_extd_comm_flag_values[] = {
+    { 0x8000,                  "vendor-specific"},
+    { 0x4000,                  "non-transitive"},
+    { 0, NULL},
+};
+
 static struct tok bgp_extd_comm_subtype_values[] = {
-    { BGP_EXT_COM_RT_0,       "target"},
-    { BGP_EXT_COM_RT_1,       "target"},
-    { BGP_EXT_COM_RO_0,       "origin"},
-    { BGP_EXT_COM_RO_1,       "origin"},
-    { BGP_EXT_COM_LINKBAND,   "link-BW"},
-    { BGP_EXT_COM_VPN_ORIGIN, "ospf-domain"},
-    { BGP_EXT_COM_OSPF_RTYPE, "ospf-route-type"},
-    { BGP_EXT_COM_OSPF_RID,   "ospf-router-id"},
-    { BGP_EXT_COM_L2INFO,     "layer2-info"}, 
+    { BGP_EXT_COM_RT_0,        "target"},
+    { BGP_EXT_COM_RT_1,        "target"},
+    { BGP_EXT_COM_RT_2,        "target"},
+    { BGP_EXT_COM_RO_0,        "origin"},
+    { BGP_EXT_COM_RO_1,        "origin"},
+    { BGP_EXT_COM_RO_2,        "origin"},
+    { BGP_EXT_COM_LINKBAND,    "link-BW"},
+    { BGP_EXT_COM_VPN_ORIGIN,  "ospf-domain"},
+    { BGP_EXT_COM_VPN_ORIGIN2, "ospf-domain"},
+    { BGP_EXT_COM_VPN_ORIGIN3, "ospf-domain"},
+    { BGP_EXT_COM_VPN_ORIGIN4, "ospf-domain"},
+    { BGP_EXT_COM_OSPF_RTYPE,  "ospf-route-type"},
+    { BGP_EXT_COM_OSPF_RTYPE2, "ospf-route-type"},
+    { BGP_EXT_COM_OSPF_RID,    "ospf-router-id"},
+    { BGP_EXT_COM_OSPF_RID2,   "ospf-router-id"},
+    { BGP_EXT_COM_L2INFO,      "layer2-info"}, 
     { 0, NULL},
 };
 
@@ -381,11 +450,13 @@ decode_prefix4(const u_char *pptr, char *buf, u_int buflen)
        struct in_addr addr;
        u_int plen;
 
+       TCHECK(pptr[0]);
        plen = pptr[0];
        if (32 < plen)
                return -1;
 
        memset(&addr, 0, sizeof(addr));
+       TCHECK2(pptr[1], (plen + 7) / 8);
        memcpy(&addr, &pptr[1], (plen + 7) / 8);
        if (plen % 8) {
                ((u_char *)&addr)[(plen + 7) / 8 - 1] &=
@@ -393,6 +464,9 @@ decode_prefix4(const u_char *pptr, char *buf, u_int buflen)
        }
        snprintf(buf, buflen, "%s/%d", getname((u_char *)&addr), plen);
        return 1 + (plen + 7) / 8;
+
+trunc:
+       return -2;
 }
 
 static int
@@ -401,6 +475,7 @@ decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen)
        struct in_addr addr;
        u_int plen;
 
+       TCHECK(pptr[0]);
        plen = pptr[0];   /* get prefix length */
 
         /* this is one of the weirdnesses of rfc3107
@@ -417,6 +492,7 @@ decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen)
                return -1;
 
        memset(&addr, 0, sizeof(addr));
+       TCHECK2(pptr[4], (plen + 7) / 8);
        memcpy(&addr, &pptr[4], (plen + 7) / 8);
        if (plen % 8) {
                ((u_char *)&addr)[(plen + 7) / 8 - 1] &=
@@ -430,9 +506,14 @@ decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen)
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
 
        return 4 + (plen + 7) / 8;
-}
 
+trunc:
+       return -2;
+}
 
+/* RDs and RTs share the same semantics
+ * we use bgp_vpn_rd_print for
+ * printing route targets inside a NLRI */
 static char *
 bgp_vpn_rd_print (const u_char *pptr) {
 
@@ -444,38 +525,71 @@ bgp_vpn_rd_print (const u_char *pptr) {
 
     /* ok lets load the RD format */
     switch (EXTRACT_16BITS(pptr)) {
+
         /* AS:IP-address fmt*/
     case 0:
-        pos+=sprintf(pos, "%u:%u.%u.%u.%u",
-                     EXTRACT_16BITS(pptr+2),
-                     *(pptr+4),
-                     *(pptr+5),
-                     *(pptr+6),
-                     *(pptr+7));
+        snprintf(pos, sizeof(rd) - (pos - rd), "%u:%u.%u.%u.%u",
+            EXTRACT_16BITS(pptr+2), *(pptr+4), *(pptr+5), *(pptr+6), *(pptr+7));
         break;
         /* IP-address:AS fmt*/
+
     case 1:
-        pos+=sprintf(pos, "%u.%u.%u.%u:%u",
-                     *(pptr+2),
-                     *(pptr+3),
-                     *(pptr+4),
-                     *(pptr+5),
-                     EXTRACT_16BITS(pptr+6));
+        snprintf(pos, sizeof(rd) - (pos - rd), "%u.%u.%u.%u:%u",
+            *(pptr+2), *(pptr+3), *(pptr+4), *(pptr+5), EXTRACT_16BITS(pptr+6));
+        break;
+
+        /* 4-byte-AS:number fmt*/
+    case 2:
+        snprintf(pos, sizeof(rd) - (pos - rd), "%u:%u",
+            EXTRACT_32BITS(pptr+2), EXTRACT_16BITS(pptr+6));
         break;
     default:
-        pos+=sprintf(pos, "unknown RD format");
+        snprintf(pos, sizeof(rd) - (pos - rd), "unknown RD format");
         break;
     }
+    pos += strlen(pos);
     *(pos) = '\0';
     return (rd);
 }
 
+static int
+decode_rt_routing_info(const u_char *pptr, char *buf, u_int buflen)
+{
+       u_int8_t route_target[8];
+       u_int plen;
+
+       TCHECK(pptr[0]);
+       plen = pptr[0];   /* get prefix length */
+
+        plen-=32; /* adjust prefix length */
+
+       if (0 < plen)
+               return -1;
+
+       memset(&route_target, 0, sizeof(route_target));
+       TCHECK2(pptr[1], (plen + 7) / 8);
+       memcpy(&route_target, &pptr[1], (plen + 7) / 8);
+       if (plen % 8) {
+               ((u_char *)&route_target)[(plen + 7) / 8 - 1] &=
+                       ((0xff00 >> (plen % 8)) & 0xff);
+       }
+       snprintf(buf, buflen, "origin AS: %u, route target %s",
+                 EXTRACT_32BITS(pptr+1),
+                 bgp_vpn_rd_print((u_char *)&route_target));
+
+       return 5 + (plen + 7) / 8;
+
+trunc:
+       return -2;
+}
+
 static int
 decode_labeled_vpn_prefix4(const u_char *pptr, char *buf, u_int buflen)
 {
        struct in_addr addr;
        u_int plen;
 
+       TCHECK(pptr[0]);
        plen = pptr[0];   /* get prefix length */
 
         plen-=(24+64); /* adjust prefixlen - labellength - RD len*/
@@ -484,6 +598,7 @@ decode_labeled_vpn_prefix4(const u_char *pptr, char *buf, u_int buflen)
                return -1;
 
        memset(&addr, 0, sizeof(addr));
+       TCHECK2(pptr[12], (plen + 7) / 8);
        memcpy(&addr, &pptr[12], (plen + 7) / 8);
        if (plen % 8) {
                ((u_char *)&addr)[(plen + 7) / 8 - 1] &=
@@ -498,15 +613,21 @@ decode_labeled_vpn_prefix4(const u_char *pptr, char *buf, u_int buflen)
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
 
        return 12 + (plen + 7) / 8;
+
+trunc:
+       return -2;
 }
 
 static int
 decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
 {
         int plen,tlen,strlen,tlv_type,tlv_len,ttlv_len;
+
+       TCHECK2(pptr[0], 2);
         plen=EXTRACT_16BITS(pptr);
         tlen=plen;
         pptr+=2;
+       TCHECK2(pptr[0],15);
         strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u",
                         bgp_vpn_rd_print(pptr),
                         EXTRACT_16BITS(pptr+8),
@@ -517,6 +638,9 @@ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
 
         /* ok now the variable part - lets read out TLVs*/
         while (tlen>0) {
+            if (tlen < 3)
+                return -1;
+            TCHECK2(pptr[0], 3);
             tlv_type=*pptr++;
             tlv_len=EXTRACT_16BITS(pptr);
             ttlv_len=tlv_len;
@@ -529,6 +653,7 @@ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
                                  tlv_len);
                 ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */
                 while (ttlv_len>0) {
+                    TCHECK(pptr[0]);
                     strlen+=snprintf(buf+strlen,buflen-strlen, "%02x",*pptr++);
                     ttlv_len--;
                 }
@@ -542,6 +667,9 @@ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
             tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it tright */
         }
         return plen+2;
+
+trunc:
+        return -2;
 }
 
 #ifdef INET6
@@ -551,11 +679,13 @@ decode_prefix6(const u_char *pd, char *buf, u_int buflen)
        struct in6_addr addr;
        u_int plen;
 
+       TCHECK(pd[0]);
        plen = pd[0];
-       if (plen < 0 || 128 < plen)
+       if (128 < plen)
                return -1;
 
        memset(&addr, 0, sizeof(addr));
+       TCHECK2(pd[1], (plen + 7) / 8);
        memcpy(&addr, &pd[1], (plen + 7) / 8);
        if (plen % 8) {
                addr.s6_addr[(plen + 7) / 8 - 1] &=
@@ -563,16 +693,90 @@ decode_prefix6(const u_char *pd, char *buf, u_int buflen)
        }
        snprintf(buf, buflen, "%s/%d", getname6((u_char *)&addr), plen);
        return 1 + (plen + 7) / 8;
+
+trunc:
+       return -2;
+}
+
+static int
+decode_labeled_prefix6(const u_char *pptr, char *buf, u_int buflen)
+{
+       struct in6_addr addr;
+       u_int plen;
+
+       TCHECK(pptr[0]);
+       plen = pptr[0]; /* get prefix length */
+        plen-=24; /* adjust prefixlen - labellength */
+
+       if (128 < plen)
+               return -1;
+
+       memset(&addr, 0, sizeof(addr));
+       TCHECK2(pptr[4], (plen + 7) / 8);
+       memcpy(&addr, &pptr[4], (plen + 7) / 8);
+       if (plen % 8) {
+               addr.s6_addr[(plen + 7) / 8 - 1] &=
+                       ((0xff00 >> (plen % 8)) & 0xff);
+       }
+        /* the label may get offsetted by 4 bits so lets shift it right */
+       snprintf(buf, buflen, "%s/%d, label:%u %s",
+                 getname6((u_char *)&addr),
+                 plen,
+                 EXTRACT_24BITS(pptr+1)>>4,
+                 ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
+
+       return 4 + (plen + 7) / 8;
+
+trunc:
+       return -2;
+}
+
+static int
+decode_labeled_vpn_prefix6(const u_char *pptr, char *buf, u_int buflen)
+{
+       struct in6_addr addr;
+       u_int plen;
+
+       TCHECK(pptr[0]);
+       plen = pptr[0];   /* get prefix length */
+
+        plen-=(24+64); /* adjust prefixlen - labellength - RD len*/
+
+       if (128 < plen)
+               return -1;
+
+       memset(&addr, 0, sizeof(addr));
+       TCHECK2(pptr[12], (plen + 7) / 8);
+       memcpy(&addr, &pptr[12], (plen + 7) / 8);
+       if (plen % 8) {
+               addr.s6_addr[(plen + 7) / 8 - 1] &=
+                       ((0xff00 >> (plen % 8)) & 0xff);
+       }
+        /* the label may get offsetted by 4 bits so lets shift it right */
+       snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s",
+                 bgp_vpn_rd_print(pptr+4),
+                 getname6((u_char *)&addr),
+                 plen,
+                 EXTRACT_24BITS(pptr+1)>>4,
+                 ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
+
+       return 12 + (plen + 7) / 8;
+
+trunc:
+       return -2;
 }
 #endif
 
-static void
+static int
 bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 {
        int i;
        u_int16_t af;
        u_int8_t safi, snpa;
-        float bw; /* copy buffer for bandwidth values */
+        union { /* copy buffer for bandwidth values */
+            float f; 
+            u_int32_t i;
+        } bw;
        int advance;
        int tlen;
        const u_char *tptr;
@@ -585,8 +789,10 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
        case BGPTYPE_ORIGIN:
                if (len != 1)
                        printf("invalid len");
-               else
+               else {
+                       TCHECK(*tptr);
                        printf("%s", tok2str(bgp_origin_values, "Unknown Origin Typecode", tptr[0]));
+               }
                break;
        case BGPTYPE_AS_PATH:
                if (len % 2) {
@@ -597,35 +803,36 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                        printf("empty");
                        break;
                 }
+
                while (tptr < pptr + len) {
-                       /*
-                        * under RFC1965, p[0] means:
-                        * 1: AS_SET 2: AS_SEQUENCE
-                        * 3: AS_CONFED_SET 4: AS_CONFED_SEQUENCE
-                        */
-                       if (tptr[0] == 3 || tptr[0] == 4)
-                               printf("confed");
-                       printf("%s", (tptr[0] & 1) ? "{" : "");
-                       for (i = 0; i < tptr[1] * 2; i += 2) {
-                               printf("%s%u", i == 0 ? "" : " ",
-                                       EXTRACT_16BITS(&tptr[2 + i]));
-                       }
-                       printf("%s", (tptr[0] & 1) ? "}" : "");
-                       tptr += 2 + tptr[1] * 2;
+                       TCHECK(tptr[0]);
+                        printf("%s", tok2str(bgp_as_path_segment_open_values, "?", tptr[0]));
+                        for (i = 0; i < tptr[1] * 2; i += 2) {
+                            TCHECK2(tptr[2 + i], 2);
+                            printf("%u ", EXTRACT_16BITS(&tptr[2 + i]));
+                        }
+                       TCHECK(tptr[0]);
+                        printf("%s", tok2str(bgp_as_path_segment_close_values, "?", tptr[0]));
+                        TCHECK(tptr[1]);
+                        tptr += 2 + tptr[1] * 2;
                }
                break;
        case BGPTYPE_NEXT_HOP:
                if (len != 4)
                        printf("invalid len");
-               else
+               else {
+                       TCHECK2(tptr[0], 4);
                        printf("%s", getname(tptr));
+               }
                break;
        case BGPTYPE_MULTI_EXIT_DISC:
        case BGPTYPE_LOCAL_PREF:
                if (len != 4)
                        printf("invalid len");
-               else
+               else {
+                       TCHECK2(tptr[0], 4);
                        printf("%u", EXTRACT_32BITS(tptr));
+               }
                break;
        case BGPTYPE_ATOMIC_AGGREGATE:
                if (len != 0)
@@ -636,6 +843,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                        printf("invalid len");
                        break;
                }
+               TCHECK2(tptr[0], 6);
                printf(" AS #%u, origin %s", EXTRACT_16BITS(tptr),
                        getname(tptr + 2));
                break;
@@ -646,6 +854,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                }
                while (tlen>0) {
                        u_int32_t comm;
+                       TCHECK2(tptr[0], 4);
                        comm = EXTRACT_32BITS(tptr);
                        switch (comm) {
                        case BGP_COMMUNITY_NO_EXPORT:
@@ -673,10 +882,16 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                        printf("invalid len");
                        break;
                }
+               TCHECK2(tptr[0], 4);
                 printf("%s",getname(tptr));
                 break;
         case BGPTYPE_CLUSTER_LIST:
+               if (len % 4) {
+                       printf("invalid len");
+                       break;
+               }
                 while (tlen>0) {
+                       TCHECK2(tptr[0], 4);
                         printf("%s%s",
                                getname(tptr),
                                 (tlen>4) ? ", " : "");
@@ -685,6 +900,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                 }
                 break;
        case BGPTYPE_MP_REACH_NLRI:
+               TCHECK2(tptr[0], 3);
                af = EXTRACT_16BITS(tptr);
                safi = tptr[2];
        
@@ -710,6 +926,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 
                 tptr +=3;
 
+               TCHECK(tptr[0]);
                tlen = tptr[0];
                 tptr++;
 
@@ -723,23 +940,39 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                                     case SAFNUM_MULTICAST:
                                     case SAFNUM_UNIMULTICAST:
                                     case SAFNUM_LABUNICAST:
-                                       printf("%s",getname(tptr));
-                                       tlen -= sizeof(struct in_addr);
-                                        tptr += sizeof(struct in_addr);
+                                    case SAFNUM_RT_ROUTING_INFO:
+                                       if (tlen < (int)sizeof(struct in_addr)) {
+                                           printf("invalid len");
+                                           tlen = 0;
+                                       } else {
+                                           TCHECK2(tptr[0], sizeof(struct in_addr));
+                                           printf("%s",getname(tptr));
+                                           tlen -= sizeof(struct in_addr);
+                                           tptr += sizeof(struct in_addr);
+                                       }
                                        break;
                                     case SAFNUM_VPNUNICAST:
                                     case SAFNUM_VPNMULTICAST:
                                     case SAFNUM_VPNUNIMULTICAST:
-                                        printf("RD: %s, %s",
+                                       if (tlen < (int)(sizeof(struct in_addr)+BGP_VPN_RD_LEN)) {
+                                           printf("invalid len");
+                                           tlen = 0;
+                                       } else {
+                                           TCHECK2(tptr[0], sizeof(struct in_addr)+BGP_VPN_RD_LEN);
+                                           printf("RD: %s, %s",
                                                bgp_vpn_rd_print(tptr),
                                                getname(tptr+BGP_VPN_RD_LEN));
-                                       tlen -= (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
-                                        tptr += (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
+                                           tlen -= (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
+                                           tptr += (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
+                                       }
                                         break;
                                     default:
-                                        printf("no SAFI %u decoder",safi);                                        
+                                        TCHECK2(tptr[0], tlen);
+                                        printf("no SAFI %u decoder",safi);
                                         if (vflag <= 1)
                                             print_unknown_data(tptr,"\n\t    ",tlen);
+                                        tptr += tlen;
+                                        tlen = 0;
                                         break;
                                     }
                                     break;
@@ -750,23 +983,39 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                                     case SAFNUM_MULTICAST:
                                     case SAFNUM_UNIMULTICAST:
                                     case SAFNUM_LABUNICAST:
-                                        printf("%s", getname6(tptr));
-                                        tlen -= sizeof(struct in6_addr);
-                                        tptr += sizeof(struct in6_addr);
+                                    case SAFNUM_RT_ROUTING_INFO:
+                                       if (tlen < (int)sizeof(struct in6_addr)) {
+                                           printf("invalid len");
+                                           tlen = 0;
+                                       } else {
+                                           TCHECK2(tptr[0], sizeof(struct in6_addr));
+                                           printf("%s", getname6(tptr));
+                                           tlen -= sizeof(struct in6_addr);
+                                           tptr += sizeof(struct in6_addr);
+                                       }
                                         break;
                                     case SAFNUM_VPNUNICAST:
                                     case SAFNUM_VPNMULTICAST:
                                     case SAFNUM_VPNUNIMULTICAST:
-                                        printf("RD: %s, %s",
+                                       if (tlen < (int)(sizeof(struct in6_addr)+BGP_VPN_RD_LEN)) {
+                                           printf("invalid len");
+                                           tlen = 0;
+                                       } else {
+                                           TCHECK2(tptr[0], sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
+                                           printf("RD: %s, %s",
                                                bgp_vpn_rd_print(tptr),
                                                getname6(tptr+BGP_VPN_RD_LEN));
-                                       tlen -= (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
-                                        tptr += (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
+                                           tlen -= (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
+                                           tptr += (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
+                                       }
                                         break;
                                     default:
+                                        TCHECK2(tptr[0], tlen);
                                         printf("no SAFI %u decoder",safi);
                                         if (vflag <= 1)
                                             print_unknown_data(tptr,"\n\t    ",tlen);                                        
+                                        tptr += tlen;
+                                        tlen = 0;
                                         break;
                                     }
                                     break;
@@ -776,39 +1025,53 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                                     case SAFNUM_VPNUNICAST:
                                     case SAFNUM_VPNMULTICAST:
                                     case SAFNUM_VPNUNIMULTICAST:
-                                        printf("%s", getname(tptr));
-                                       tlen -= (sizeof(struct in_addr));
-                                        tptr += (sizeof(struct in_addr));
-                                        break;                                   
+                                       if (tlen < (int)sizeof(struct in_addr)) {
+                                           printf("invalid len");
+                                           tlen = 0;
+                                       } else {
+                                           TCHECK2(tptr[0], sizeof(struct in_addr));
+                                           printf("%s", getname(tptr));
+                                           tlen -= (sizeof(struct in_addr));
+                                           tptr += (sizeof(struct in_addr));
+                                       }
+                                        break;
                                    default:
+                                        TCHECK2(tptr[0], tlen);
                                         printf("no SAFI %u decoder",safi);
                                         if (vflag <= 1)
                                             print_unknown_data(tptr,"\n\t    ",tlen);                                        
+                                        tptr += tlen;
+                                        tlen = 0;
                                         break;
                                    }
                                    break;
 
                                default:
+                                    TCHECK2(tptr[0], tlen);
                                     printf("no AFI %u decoder",af);
                                     if (vflag <= 1)
                                       print_unknown_data(tptr,"\n\t    ",tlen);
+                                    tptr += tlen;
+                                    tlen = 0;
                                     break;
                                }
                        }
                }
                tptr += tlen;
 
+               TCHECK(tptr[0]);
                snpa = tptr[0];
                tptr++;
 
                if (snpa) {
                        printf("\n\t    %u SNPA", snpa);
                        for (/*nothing*/; snpa > 0; snpa--) {
+                               TCHECK(tptr[0]);
                                printf("\n\t      %d bytes", tptr[0]);
                                tptr += tptr[0] + 1;
                        }
                } else {
-                printf(", no SNPA");
+                       printf(", no SNPA");
                 }
 
                while (len - (tptr - pptr) > 0) {
@@ -819,19 +1082,44 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_MULTICAST:
                             case SAFNUM_UNIMULTICAST:
                                 advance = decode_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+                               if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                        goto trunc;
+                               else
+                                       printf("\n\t      %s", buf);
                                 break;
                             case SAFNUM_LABUNICAST:
                                 advance = decode_labeled_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+                               if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                        goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);
                                 break;
                             case SAFNUM_VPNUNICAST:
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
                                 advance = decode_labeled_vpn_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+                               if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                        goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);
+                                break;
+                            case SAFNUM_RT_ROUTING_INFO:
+                                advance = decode_rt_routing_info(tptr, buf, sizeof(buf));
+                               if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                        goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);
                                 break;
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("\n\t      no SAFI %u decoder",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -847,9 +1135,44 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_MULTICAST:
                             case SAFNUM_UNIMULTICAST:
                                advance = decode_prefix6(tptr, buf, sizeof(buf));
-                               printf("\n\t      %s", buf);
+                               if (advance == -1)
+                                       printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                       printf("\n\t      %s", buf);
                                break;
+                            case SAFNUM_LABUNICAST:
+                                advance = decode_labeled_prefix6(tptr, buf, sizeof(buf));
+                               if (advance == -1)
+                                       printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                       printf("\n\t      %s", buf);
+                                break;
+                            case SAFNUM_VPNUNICAST:
+                            case SAFNUM_VPNMULTICAST:
+                            case SAFNUM_VPNUNIMULTICAST:
+                                advance = decode_labeled_vpn_prefix6(tptr, buf, sizeof(buf));
+                               if (advance == -1)
+                                       printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                       printf("\n\t      %s", buf);
+                                break;
+                            case SAFNUM_RT_ROUTING_INFO:
+                                advance = decode_rt_routing_info(tptr, buf, sizeof(buf));
+                               if (advance == -1)
+                                       printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                       printf("\n\t      %s", buf);
+                                break;
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("\n\t      no SAFI %u decoder ",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -865,12 +1188,18 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
                                advance = decode_labeled_vpn_l2(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);         
+                               if (advance == -1)
+                                       printf("\n\t    (illegal length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);         
                                 break;                                   
                             default:
+                                TCHECK2(*tptr,tlen);
                                 printf("no SAFI %u decoder",safi);
                                 if (vflag <= 1)
-                                    print_unknown_data(tptr,"\n\t    ",tlen);                                        
+                                    print_unknown_data(tptr,"\n\t    ",tlen);
                                 advance = 0;
                                tptr = pptr + len;
                                 break;
@@ -879,6 +1208,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 
 
                        default:
+                            TCHECK2(*(tptr-3),tlen);
                             printf("\n\t      no AFI %u decoder ",af);
                             if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -886,11 +1216,14 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             tptr = pptr + len;
                             break;
                        }
+                        if (advance < 0) /* infinite loop protection */
+                            break;
                        tptr += advance;
                }
                break;
 
        case BGPTYPE_MP_UNREACH_NLRI:
+               TCHECK2(tptr[0], 3);
                af = EXTRACT_16BITS(tptr);
                safi = tptr[2];
 
@@ -911,19 +1244,35 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_MULTICAST:
                             case SAFNUM_UNIMULTICAST:
                                 advance = decode_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+                               if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                        goto trunc;
+                               else
+                                       printf("\n\t      %s", buf);
                                 break;
                             case SAFNUM_LABUNICAST:
                                 advance = decode_labeled_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+                               if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                        goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);
                                 break;
                             case SAFNUM_VPNUNICAST:
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
                                 advance = decode_labeled_vpn_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+                               if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                        goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);
                                 break;
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("\n\t      no SAFI %u decoder",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -940,9 +1289,35 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_MULTICAST:
                             case SAFNUM_UNIMULTICAST:
                                advance = decode_prefix6(tptr, buf, sizeof(buf));
-                               printf("\n\t      %s", buf);
+                               if (advance == -1)
+                                       printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                       printf("\n\t      %s", buf);
                                break;
+                            case SAFNUM_LABUNICAST:
+                                advance = decode_labeled_prefix6(tptr, buf, sizeof(buf));
+                               if (advance == -1)
+                                       printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);
+                                break;
+                            case SAFNUM_VPNUNICAST:
+                            case SAFNUM_VPNMULTICAST:
+                            case SAFNUM_VPNUNIMULTICAST:
+                                advance = decode_labeled_vpn_prefix6(tptr, buf, sizeof(buf));
+                               if (advance == -1)
+                                       printf("\n\t    (illegal prefix length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);
+                                break;
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("\n\t      no SAFI %u decoder",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -959,9 +1334,15 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
                                advance = decode_labeled_vpn_l2(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);         
+                               if (advance == -1)
+                                       printf("\n\t    (illegal length)");
+                               else if (advance == -2)
+                                       goto trunc;
+                               else
+                                        printf("\n\t      %s", buf);         
                                 break;                                   
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("no SAFI %u decoder",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);                                        
@@ -972,6 +1353,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             break;
 
                        default:
+                               TCHECK2(*(tptr-3),tlen);
                                printf("\n\t    no AFI %u decoder",af);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -990,70 +1372,60 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                }
                 while (tlen>0) {
                     u_int16_t extd_comm;
+
+                    TCHECK2(tptr[0], 2);
                     extd_comm=EXTRACT_16BITS(tptr);
+
+                   printf("\n\t    %s (0x%04x), Flags [%s]",
+                          tok2str(bgp_extd_comm_subtype_values, "unknown extd community typecode", extd_comm),
+                          extd_comm,
+                          bittok2str(bgp_extd_comm_flag_values, "none", extd_comm));
+
+                    TCHECK2(*(tptr+2), 6);
                     switch(extd_comm) {
                     case BGP_EXT_COM_RT_0:
                     case BGP_EXT_COM_RO_0:
-                        printf("\n\t    %s%s%s:%u:%s",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
+                        printf(": %u:%s",
                                EXTRACT_16BITS(tptr+2),
                                getname(tptr+4));
                         break;
                     case BGP_EXT_COM_RT_1:
                     case BGP_EXT_COM_RO_1:
-                        printf("\n\t    %s%s%s:%s:%u",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
+                        printf(": %s:%u",
                                getname(tptr+2),
                                EXTRACT_16BITS(tptr+6));
                         break;
+                    case BGP_EXT_COM_RT_2:
+                    case BGP_EXT_COM_RO_2:
+                        printf(": %u:%u",
+                               EXTRACT_32BITS(tptr+2),
+                               EXTRACT_16BITS(tptr+6));
+                        break;
                     case BGP_EXT_COM_LINKBAND:
-                        memcpy (&bw, tptr+2, 4);
-                        printf("\n\t    %s%s%s:bandwidth: %.3f Mbps",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
-                               bw*8/1000000);
+                       bw.i = EXTRACT_32BITS(tptr+2);
+                        printf(": bandwidth: %.3f Mbps",
+                               bw.f*8/1000000);
                         break;
                     case BGP_EXT_COM_VPN_ORIGIN:
+                    case BGP_EXT_COM_VPN_ORIGIN2:
+                    case BGP_EXT_COM_VPN_ORIGIN3:
+                    case BGP_EXT_COM_VPN_ORIGIN4:
                     case BGP_EXT_COM_OSPF_RID:
-                        printf("\n\t    %s%s%s:%s",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
-                               getname(tptr+2));
+                    case BGP_EXT_COM_OSPF_RID2:
+                        printf("%s", getname(tptr+2));
                         break;
-                    case BGP_EXT_COM_OSPF_RTYPE: 
-                        printf("\n\t    %s%s%s, area:%s, router-type:%s, metric-type:%s%s",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
+                    case BGP_EXT_COM_OSPF_RTYPE:
+                    case BGP_EXT_COM_OSPF_RTYPE2: 
+                        printf(": area:%s, router-type:%s, metric-type:%s%s",
                                getname(tptr+2),
                                tok2str(bgp_extd_comm_ospf_rtype_values,
-                                       "unknown",
-                                       extd_comm),
+                                       "unknown (0x%02x)",
+                                       *(tptr+6)),
                                (*(tptr+7) &  BGP_OSPF_RTYPE_METRIC_TYPE) ? "E2" : "",
                                (*(tptr+6) == (BGP_OSPF_RTYPE_EXT ||BGP_OSPF_RTYPE_NSSA )) ? "E1" : "");
                         break;
                     case BGP_EXT_COM_L2INFO:
-                        printf("\n\t    %s%s:%s:Control Flags [0x%02x]:MTU %u",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
+                        printf(": %s Control Flags [0x%02x]:MTU %u",
                                tok2str(bgp_l2vpn_encaps_values,
                                        "unknown encaps",
                                        *(tptr+2)),
@@ -1061,8 +1433,6 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                                EXTRACT_16BITS(tptr+4));
                         break;
                     default:
-                        printf("\n\t      no typecode %u decoder",
-                               extd_comm);
                         print_unknown_data(tptr,"\n\t      ",8);
                         break;
                     }
@@ -1072,6 +1442,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                 break;
 
        default:
+           TCHECK2(*pptr,len);
             printf("\n\t    no Attribute %u decoder",attr->bgpa_type); /* we have no decoder for the attribute */
             if (vflag <= 1)
                 print_unknown_data(pptr,"\n\t    ",len);
@@ -1079,6 +1450,10 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
        }
         if (vflag > 1 && len) /* omit zero length attributes*/
             print_unknown_data(pptr,"\n\t    ",len);
+        return 1;
+
+trunc:
+        return 0;
 }
 
 static void
@@ -1210,6 +1585,7 @@ bgp_update_print(const u_char *dat, int length)
                printf("\n\t  Withdrawn routes: %d bytes", len);
 #else
                char buf[MAXHOSTNAMELEN + 100];
+               int wpfx;
 
                TCHECK2(p[2], len);
                i = 2;
@@ -1217,8 +1593,16 @@ bgp_update_print(const u_char *dat, int length)
                printf("\n\t  Withdrawn routes:");
 
                while(i < 2 + len) {
-                       i += decode_prefix4(&p[i], buf, sizeof(buf));
-                       printf("\n\t    %s", buf);
+                       wpfx = decode_prefix4(&p[i], buf, sizeof(buf));
+                       if (wpfx == -1) {
+                               printf("\n\t    (illegal prefix length)");
+                               break;
+                       } else if (wpfx == -2)
+                               goto trunc;
+                       else {
+                               i += wpfx;
+                               printf("\n\t    %s", buf);
+                       }
                }
 #endif
        }
@@ -1243,7 +1627,7 @@ bgp_update_print(const u_char *dat, int length)
                               alen);
 
                        if (bgpa.bgpa_flags) {
-                               printf(", flags [%s%s%s%s",
+                               printf(", Flags [%s%s%s%s",
                                        bgpa.bgpa_flags & 0x80 ? "O" : "",
                                        bgpa.bgpa_flags & 0x40 ? "T" : "",
                                        bgpa.bgpa_flags & 0x20 ? "P" : "",
@@ -1252,7 +1636,8 @@ bgp_update_print(const u_char *dat, int length)
                                        printf("+%x", bgpa.bgpa_flags & 0xf);
                                printf("]: ");
                        }
-                       bgp_attr_print(&bgpa, &p[i + aoff], alen);
+                       if (!bgp_attr_print(&bgpa, &p[i + aoff], alen))
+                               goto trunc;
                        i += aoff + alen;
                }
        }
@@ -1263,10 +1648,14 @@ bgp_update_print(const u_char *dat, int length)
                while (dat + length > p) {
                        char buf[MAXHOSTNAMELEN + 100];
                        i = decode_prefix4(p, buf, sizeof(buf));
-                       printf("\n\t    %s", buf);
-                       if (i < 0)
-                               break;
-                       p += i;
+                       if (i == -1)
+                               printf("\n\t    (illegal prefix length)");
+                       else if (i == -2)
+                               goto trunc;
+                       else {
+                               printf("\n\t    %s", buf);
+                               p += i;
+                       }
                }
        }
        return;
@@ -1279,6 +1668,7 @@ bgp_notification_print(const u_char *dat, int length)
 {
        struct bgp_notification bgpn;
        int hlen;
+       const u_char *tptr;
 
        TCHECK2(dat[0], BGP_NOTIFICATION_SIZE);
        memcpy(&bgpn, dat, BGP_NOTIFICATION_SIZE);
@@ -1288,18 +1678,49 @@ bgp_notification_print(const u_char *dat, int length)
         if (length<BGP_NOTIFICATION_SIZE)
             return;
 
-       printf(", Error - %s", tok2str(bgp_notify_major_values, "Unknown", bgpn.bgpn_major));
+       printf(", %s (%u)",
+              tok2str(bgp_notify_major_values, "Unknown Error", bgpn.bgpn_major),
+              bgpn.bgpn_major);
 
         switch (bgpn.bgpn_major) {
 
         case BGP_NOTIFY_MAJOR_MSG:
-            printf(" subcode %s", tok2str(bgp_notify_minor_msg_values, "Unknown", bgpn.bgpn_minor));
+            printf(", subcode %s (%u)",
+                  tok2str(bgp_notify_minor_msg_values, "Unknown", bgpn.bgpn_minor),
+                  bgpn.bgpn_minor);
             break;
         case BGP_NOTIFY_MAJOR_OPEN:
-            printf(" subcode %s", tok2str(bgp_notify_minor_open_values, "Unknown", bgpn.bgpn_minor));
+            printf(", subcode %s (%u)",
+                  tok2str(bgp_notify_minor_open_values, "Unknown", bgpn.bgpn_minor),
+                  bgpn.bgpn_minor);
             break;
         case BGP_NOTIFY_MAJOR_UPDATE:
-            printf(" subcode %s", tok2str(bgp_notify_minor_update_values, "Unknown", bgpn.bgpn_minor));
+            printf(", subcode %s (%u)",
+                  tok2str(bgp_notify_minor_update_values, "Unknown", bgpn.bgpn_minor),
+                  bgpn.bgpn_minor);
+            break;
+        case BGP_NOTIFY_MAJOR_CAP:
+            printf(" subcode %s (%u)",
+                  tok2str(bgp_notify_minor_cap_values, "Unknown", bgpn.bgpn_minor),
+                  bgpn.bgpn_minor);
+        case BGP_NOTIFY_MAJOR_CEASE:
+            printf(", subcode %s (%u)",
+                  tok2str(bgp_notify_minor_cease_values, "Unknown", bgpn.bgpn_minor),
+                  bgpn.bgpn_minor);
+
+           /* draft-ietf-idr-cease-subcode-02 mentions optionally 7 bytes
+             * for the maxprefix subtype, which may contain AFI, SAFI and MAXPREFIXES
+             */
+           if(bgpn.bgpn_minor == BGP_NOTIFY_MINOR_CEASE_MAXPRFX && length >= BGP_NOTIFICATION_SIZE + 7) {
+               tptr = dat + BGP_NOTIFICATION_SIZE;
+               TCHECK2(*tptr, 7);
+               printf(", AFI %s (%u), SAFI %s (%u), Max Prefixes: %u",
+                      tok2str(bgp_afi_values, "Unknown", EXTRACT_16BITS(tptr)),
+                      EXTRACT_16BITS(tptr),
+                      tok2str(bgp_safi_values, "Unknown", *(tptr+2)),
+                      *(tptr+2),
+                      EXTRACT_32BITS(tptr+3));
+           }
             break;
         default:
             break;
@@ -1330,7 +1751,7 @@ bgp_route_refresh_print(const u_char *pptr, int len) {
         return;
 }
 
-static void
+static int
 bgp_header_print(const u_char *dat, int length)
 {
        struct bgp bgp;
@@ -1363,9 +1784,10 @@ bgp_header_print(const u_char *dat, int length)
             print_unknown_data(dat,"\n\t  ",length);
                 break;
        }
-       return;
+       return 1;
 trunc:
        printf("[|BGP]");
+       return 0;
 }
 
 void
@@ -1415,13 +1837,19 @@ bgp_print(const u_char *dat, int length)
                        printf(" [|BGP]");
 
                hlen = ntohs(bgp.bgp_len);
+               if (hlen < BGP_SIZE) {
+                       printf("\n[|BGP Bogus header length %u < %u]", hlen,
+                           BGP_SIZE);
+                       break;
+               }
 
                if (TTEST2(p[0], hlen)) {
-                       bgp_header_print(p, hlen);
+                       if (!bgp_header_print(p, hlen))
+                               return;
                        p += hlen;
                        start = p;
                } else {
-                       printf("[|BGP %s]", tok2str(bgp_msg_values, "Unknown Message Type",bgp.bgp_type));
+                       printf("\n[|BGP %s]", tok2str(bgp_msg_values, "Unknown Message Type",bgp.bgp_type));
                        break;
                }
        }
@@ -1431,14 +1859,3 @@ bgp_print(const u_char *dat, int length)
 trunc:
        printf(" [|BGP]");
 }
-
-
-
-
-
-
-
-
-
-
-
[mirror] the TCPdump network dissector