]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-bgp.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
change make check to work with POSIX shell
[tcpdump] / print-bgp.c
diff --git a/print-bgp.c b/print-bgp.c
index fd25ba84cdbf6e475b40e3614374b2c9bfab9832..7db3c6bb0f93931a2cdddae9ff55cdf544dac2f5 100644 (file)
--- a/print-bgp.c
+++ b/print-bgp.c
@@ -26,10 +26,12 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * Extensively modified by Hannes Gredler (hannes@juniper.net) for more
+ * Extensively modified by Hannes Gredler (hannes@gredler.at) for more
  * complete BGP support.
  */
 
+/* \summary: Border Gateway Protocol (BGP) printer */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -45,6 +47,8 @@
 #include "af.h"
 #include "l2vpn.h"
 
+static const char tstr[] = "[|BGP]";
+
 struct bgp {
        uint8_t bgp_marker[16];
        uint16_t bgp_len;
@@ -120,19 +124,25 @@ struct bgp_route_refresh {
 #define BGPTYPE_ATOMIC_AGGREGATE       6
 #define BGPTYPE_AGGREGATOR             7
 #define        BGPTYPE_COMMUNITIES             8       /* RFC1997 */
-#define        BGPTYPE_ORIGINATOR_ID           9       /* RFC1998 */
-#define        BGPTYPE_CLUSTER_LIST            10      /* RFC1998 */
-#define        BGPTYPE_DPA                     11      /* draft-ietf-idr-bgp-dpa */
-#define        BGPTYPE_ADVERTISERS             12      /* RFC1863 */
-#define        BGPTYPE_RCID_PATH               13      /* RFC1863 */
-#define BGPTYPE_MP_REACH_NLRI          14      /* RFC2283 */
-#define BGPTYPE_MP_UNREACH_NLRI                15      /* RFC2283 */
-#define BGPTYPE_EXTD_COMMUNITIES        16      /* draft-ietf-idr-bgp-ext-communities */
-#define BGPTYPE_AS4_PATH               17      /* RFC4893 */
-#define BGPTYPE_AGGREGATOR4            18      /* RFC4893 */
-#define BGPTYPE_PMSI_TUNNEL             22      /* draft-ietf-l3vpn-2547bis-mcast-bgp-02.txt */
+#define        BGPTYPE_ORIGINATOR_ID           9       /* RFC4456 */
+#define        BGPTYPE_CLUSTER_LIST            10      /* RFC4456 */
+#define        BGPTYPE_DPA                     11      /* deprecated, draft-ietf-idr-bgp-dpa */
+#define        BGPTYPE_ADVERTISERS             12      /* deprecated RFC1863 */
+#define        BGPTYPE_RCID_PATH               13      /* deprecated RFC1863 */
+#define BGPTYPE_MP_REACH_NLRI          14      /* RFC4760 */
+#define BGPTYPE_MP_UNREACH_NLRI                15      /* RFC4760 */
+#define BGPTYPE_EXTD_COMMUNITIES        16      /* RFC4360 */
+#define BGPTYPE_AS4_PATH               17      /* RFC6793 */
+#define BGPTYPE_AGGREGATOR4            18      /* RFC6793 */
+#define BGPTYPE_PMSI_TUNNEL             22      /* RFC6514 */
+#define BGPTYPE_TUNNEL_ENCAP            23      /* RFC5512 */
+#define BGPTYPE_TRAFFIC_ENG             24      /* RFC5543 */
+#define BGPTYPE_IPV6_EXTD_COMMUNITIES   25      /* RFC5701 */
 #define BGPTYPE_AIGP                    26      /* RFC7311 */
-#define BGPTYPE_ATTR_SET               128      /* draft-marques-ppvpn-ibgp */
+#define BGPTYPE_PE_DISTINGUISHER_LABEL  27      /* RFC6514 */
+#define BGPTYPE_ENTROPY_LABEL           28      /* RFC6790 */
+#define BGPTYPE_LARGE_COMMUNITY                32      /* draft-ietf-idr-large-community-05 */
+#define BGPTYPE_ATTR_SET               128      /* RFC6368 */
 
 #define BGP_MP_NLRI_MINSIZE              3       /* End of RIB Marker detection */
 
@@ -156,7 +166,13 @@ static const struct tok bgp_attr_values[] = {
     { BGPTYPE_MP_UNREACH_NLRI,  "Multi-Protocol Unreach NLRI"},
     { BGPTYPE_EXTD_COMMUNITIES, "Extended Community"},
     { BGPTYPE_PMSI_TUNNEL,      "PMSI Tunnel"},
+    { BGPTYPE_TUNNEL_ENCAP,     "Tunnel Encapsulation"},
+    { BGPTYPE_TRAFFIC_ENG,      "Traffic Engineering"},
+    { BGPTYPE_IPV6_EXTD_COMMUNITIES, "IPv6 Extended Community"},
     { BGPTYPE_AIGP,             "Accumulated IGP Metric"},
+    { BGPTYPE_PE_DISTINGUISHER_LABEL, "PE Distinguisher Label"},
+    { BGPTYPE_ENTROPY_LABEL,    "Entropy Label"},
+    { BGPTYPE_LARGE_COMMUNITY,  "Large Community"},
     { BGPTYPE_ATTR_SET,         "Attribute Set"},
     { 255,                      "Reserved for development"},
     { 0, NULL}
@@ -189,30 +205,37 @@ static const struct tok bgp_as_path_segment_close_values[] = {
 #define BGP_OPT_AUTH                    1
 #define BGP_OPT_CAP                     2
 
-
 static const struct tok bgp_opt_values[] = {
     { BGP_OPT_AUTH,             "Authentication Information"},
     { BGP_OPT_CAP,              "Capabilities Advertisement"},
     { 0, NULL}
 };
 
-#define BGP_CAPCODE_MP                  1
-#define BGP_CAPCODE_RR                  2
-#define BGP_CAPCODE_ORF                 3 /* XXX */
-#define BGP_CAPCODE_RESTART            64 /* draft-ietf-idr-restart-05  */
-#define BGP_CAPCODE_AS_NEW             65 /* XXX */
-#define BGP_CAPCODE_DYN_CAP            67 /* XXX */
-#define BGP_CAPCODE_ADD_PATH           69 /* draft-ietf-idr-add-paths-10 */
+#define BGP_CAPCODE_MP                  1 /* RFC2858 */
+#define BGP_CAPCODE_RR                  2 /* RFC2918 */
+#define BGP_CAPCODE_ORF                 3 /* RFC5291 */
+#define BGP_CAPCODE_MR                  4 /* RFC3107 */
+#define BGP_CAPCODE_EXT_NH              5 /* RFC5549 */
+#define BGP_CAPCODE_RESTART            64 /* RFC4724  */
+#define BGP_CAPCODE_AS_NEW             65 /* RFC6793 */
+#define BGP_CAPCODE_DYN_CAP            67 /* draft-ietf-idr-dynamic-cap */
+#define BGP_CAPCODE_MULTISESS          68 /* draft-ietf-idr-bgp-multisession */
+#define BGP_CAPCODE_ADD_PATH           69 /* RFC7911 */
+#define BGP_CAPCODE_ENH_RR             70 /* draft-keyur-bgp-enhanced-route-refresh */
 #define BGP_CAPCODE_RR_CISCO          128
 
 static const struct tok bgp_capcode_values[] = {
     { BGP_CAPCODE_MP,           "Multiprotocol Extensions"},
     { BGP_CAPCODE_RR,           "Route Refresh"},
     { BGP_CAPCODE_ORF,          "Cooperative Route Filtering"},
+    { BGP_CAPCODE_MR,           "Multiple Routes to a Destination"},
+    { BGP_CAPCODE_EXT_NH,       "Extended Next Hop Encoding"},
     { BGP_CAPCODE_RESTART,      "Graceful Restart"},
     { BGP_CAPCODE_AS_NEW,       "32-Bit AS Number"},
     { BGP_CAPCODE_DYN_CAP,      "Dynamic Capability"},
+    { BGP_CAPCODE_MULTISESS,    "Multisession BGP"},
     { BGP_CAPCODE_ADD_PATH,     "Multiple Paths"},
+    { BGP_CAPCODE_ENH_RR,       "Enhanced Route Refresh"},
     { BGP_CAPCODE_RR_CISCO,     "Route Refresh (Cisco)"},
     { 0, NULL}
 };
@@ -282,6 +305,13 @@ static const struct tok bgp_notify_minor_update_values[] = {
     { 0, NULL}
 };
 
+static const struct tok bgp_notify_minor_fsm_values[] = {
+    { 1,                        "In OpenSent State"},
+    { 2,                        "In OpenConfirm State"},
+    { 3,                        "In Established State"},
+    { 0, NULL }
+};
+
 static const struct tok bgp_notify_minor_cap_values[] = {
     { 1,                        "Invalid Action Value" },
     { 2,                        "Invalid Capability Length" },
@@ -328,25 +358,27 @@ static const struct tok bgp_aigp_values[] = {
     { 0, NULL}
 };
 
-
 /* Subsequent address family identifier, RFC2283 section 7 */
 #define SAFNUM_RES                      0
 #define SAFNUM_UNICAST                  1
 #define SAFNUM_MULTICAST                2
-#define SAFNUM_UNIMULTICAST             3
+#define SAFNUM_UNIMULTICAST             3       /* deprecated now */
 /* labeled BGP RFC3107 */
 #define SAFNUM_LABUNICAST               4
-/* draft-ietf-l3vpn-2547bis-mcast-bgp-02.txt */
+/* RFC6514 */
 #define SAFNUM_MULTICAST_VPN            5
-#define SAFNUM_TUNNEL                   64 /* XXX */
-#define SAFNUM_VPLS                     65 /* XXX */
-/* draft-nalawade-idr-mdt-safi-03 */
+/* draft-nalawade-kapoor-tunnel-safi */
+#define SAFNUM_TUNNEL                   64
+/* RFC4761 */
+#define SAFNUM_VPLS                     65
+/* RFC6037 */
 #define SAFNUM_MDT                      66
-/* Section 4.3.4 of draft-rosen-rfc2547bis-03.txt  */
+/* RFC4364 */
 #define SAFNUM_VPNUNICAST               128
+/* RFC6513 */
 #define SAFNUM_VPNMULTICAST             129
-#define SAFNUM_VPNUNIMULTICAST          130
-/* draft-marques-ppvpn-rt-constrain-01.txt */
+#define SAFNUM_VPNUNIMULTICAST          130     /* deprecated now */
+/* RFC4684 */
 #define SAFNUM_RT_ROUTING_INFO          132
 
 #define BGP_VPN_RD_LEN                  8
@@ -400,7 +432,6 @@ static const struct tok bgp_safi_values[] = {
 #define BGP_EXT_COM_L2VPN_RT_0  0x000a  /* L2VPN Identifier,Format AS(2bytes):AN(4bytes) */
 #define BGP_EXT_COM_L2VPN_RT_1  0xF10a  /* L2VPN Identifier,Format IP address:AN(2bytes) */
 
-
 /* http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a00801eb09a.shtml  */
 #define BGP_EXT_COM_EIGRP_GEN   0x8800
 #define BGP_EXT_COM_EIGRP_METRIC_AS_DELAY  0x8801
@@ -520,7 +551,7 @@ decode_prefix4(netdissect_options *ndo,
                ((u_char *)&addr)[plenbytes - 1] &=
                        ((0xff00 >> (plen % 8)) & 0xff);
        }
-       snprintf(buf, buflen, "%s/%d", getname(ndo, (u_char *)&addr), plen);
+       snprintf(buf, buflen, "%s/%d", ipaddr_string(ndo, &addr), plen);
        return 1 + plenbytes;
 
 trunc:
@@ -570,7 +601,7 @@ decode_labeled_prefix4(netdissect_options *ndo,
        }
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "%s/%d, label:%u %s",
-                 getname(ndo, (u_char *)&addr),
+                 ipaddr_string(ndo, &addr),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -677,7 +708,6 @@ trunc:
     return (total_length);
 }
 
-
 /* RDs and RTs share the same semantics
  * we use bgp_vpn_rd_print for
  * printing route targets inside a NLRI */
@@ -728,11 +758,18 @@ decode_rt_routing_info(netdissect_options *ndo,
 {
        uint8_t route_target[8];
        u_int plen;
+       char asbuf[sizeof(astostr)]; /* bgp_vpn_rd_print() overwrites astostr */
 
+       /* NLRI "prefix length" from RFC 2858 Section 4. */
        ND_TCHECK(pptr[0]);
        plen = pptr[0];   /* get prefix length */
 
+       /* NLRI "prefix" (ibid), valid lengths are { 0, 32, 33, ..., 96 } bits.
+        * RFC 4684 Section 4 defines the layout of "origin AS" and "route
+        * target" fields inside the "prefix" depending on its length.
+        */
        if (0 == plen) {
+               /* Without "origin AS", without "route target". */
                snprintf(buf, buflen, "default route target");
                return 1;
        }
@@ -740,20 +777,29 @@ decode_rt_routing_info(netdissect_options *ndo,
        if (32 > plen)
                return -1;
 
+       /* With at least "origin AS", possibly with "route target". */
+       ND_TCHECK_32BITS(pptr + 1);
+       as_printf(ndo, asbuf, sizeof(asbuf), EXTRACT_32BITS(pptr + 1));
+
         plen-=32; /* adjust prefix length */
 
        if (64 < plen)
                return -1;
 
+       /* From now on (plen + 7) / 8 evaluates to { 0, 1, 2, ..., 8 }
+        * and gives the number of octets in the variable-length "route
+        * target" field inside this NLRI "prefix". Look for it.
+        */
        memset(&route_target, 0, sizeof(route_target));
-       ND_TCHECK2(pptr[1], (plen + 7) / 8);
-       memcpy(&route_target, &pptr[1], (plen + 7) / 8);
+       ND_TCHECK2(pptr[5], (plen + 7) / 8);
+       memcpy(&route_target, &pptr[5], (plen + 7) / 8);
+       /* Which specification says to do this? */
        if (plen % 8) {
                ((u_char *)&route_target)[(plen + 7) / 8 - 1] &=
                        ((0xff00 >> (plen % 8)) & 0xff);
        }
        snprintf(buf, buflen, "origin AS: %s, route target %s",
-           as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr+1)),
+           asbuf,
            bgp_vpn_rd_print(ndo, (u_char *)&route_target));
 
        return 5 + (plen + 7) / 8;
@@ -790,7 +836,7 @@ decode_labeled_vpn_prefix4(netdissect_options *ndo,
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s",
                  bgp_vpn_rd_print(ndo, pptr+4),
-                 getname(ndo, (u_char *)&addr),
+                 ipaddr_string(ndo, &addr),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -867,6 +913,7 @@ static const struct tok bgp_multicast_vpn_route_type_values[] = {
     { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_ACTIVE, "Source-Active"},
     { BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN, "Shared Tree Join"},
     { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN, "Source Tree Join"},
+    { 0, NULL}
 };
 
 static int
@@ -931,13 +978,13 @@ decode_multicast_vpn(netdissect_options *ndo,
 
         case BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN: /* fall through */
         case BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN:
-            ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN);
+            ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN + 4);
             offset = strlen(buf);
            snprintf(buf + offset, buflen - offset, ", RD: %s, Source-AS %s",
                bgp_vpn_rd_print(ndo, pptr),
                as_printf(ndo, astostr, sizeof(astostr),
                EXTRACT_32BITS(pptr + BGP_VPN_RD_LEN)));
-            pptr += BGP_VPN_RD_LEN;
+            pptr += BGP_VPN_RD_LEN + 4;
 
             bgp_vpn_sg_print(ndo, pptr, buf, buflen);
             break;
@@ -968,7 +1015,7 @@ trunc:
  */
 #define UPDATE_BUF_BUFLEN(buf, buflen, stringlen) \
     if (stringlen<0) \
-               buflen=0; \
+        buflen=0; \
     else if ((u_int)stringlen>buflen) \
         buflen=0; \
     else { \
@@ -996,8 +1043,7 @@ decode_labeled_vpn_l2(netdissect_options *ndo,
            buf[0]='\0';
            stringlen=snprintf(buf, buflen, "RD: %s, BGPNH: %s",
                               bgp_vpn_rd_print(ndo, pptr),
-                              /* need something like getname(ndo, ) here */
-                              getname(ndo, pptr+8)
+                              ipaddr_string(ndo, pptr+8)
                               );
            UPDATE_BUF_BUFLEN(buf, buflen, stringlen);
            pptr+=12;
@@ -1092,7 +1138,7 @@ decode_prefix6(netdissect_options *ndo,
                addr.s6_addr[plenbytes - 1] &=
                        ((0xff00 >> (plen % 8)) & 0xff);
        }
-       snprintf(buf, buflen, "%s/%d", getname6(ndo, (u_char *)&addr), plen);
+       snprintf(buf, buflen, "%s/%d", ip6addr_string(ndo, &addr), plen);
        return 1 + plenbytes;
 
 trunc:
@@ -1133,7 +1179,7 @@ decode_labeled_prefix6(netdissect_options *ndo,
        }
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "%s/%d, label:%u %s",
-                 getname6(ndo, (u_char *)&addr),
+                 ip6addr_string(ndo, &addr),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -1175,7 +1221,7 @@ decode_labeled_vpn_prefix6(netdissect_options *ndo,
         /* the label may get offsetted by 4 bits so lets shift it right */
        snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s",
                  bgp_vpn_rd_print(ndo, pptr+4),
-                 getname6(ndo, (u_char *)&addr),
+                 ip6addr_string(ndo, &addr),
                  plen,
                  EXTRACT_24BITS(pptr+1)>>4,
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
@@ -1315,7 +1361,7 @@ trunc:
 
 static int
 bgp_attr_print(netdissect_options *ndo,
-               u_int atype, const u_char *pptr, u_int len)
+               u_int atype, const u_char *pptr, u_int len, const unsigned attr_set_level)
 {
        int i;
        uint16_t af;
@@ -1345,7 +1391,6 @@ bgp_attr_print(netdissect_options *ndo,
                }
                break;
 
-
         /*
          * Process AS4 byte path and AS2 byte path attributes here.
          */
@@ -1374,6 +1419,7 @@ bgp_attr_print(netdissect_options *ndo,
                        ND_TCHECK(tptr[0]);
                         ND_PRINT((ndo, "%s", tok2str(bgp_as_path_segment_open_values,
                                                "?", tptr[0])));
+                       ND_TCHECK(tptr[1]);
                         for (i = 0; i < tptr[1] * as_size; i += as_size) {
                             ND_TCHECK2(tptr[2 + i], as_size);
                            ND_PRINT((ndo, "%s ",
@@ -1394,7 +1440,7 @@ bgp_attr_print(netdissect_options *ndo,
                        ND_PRINT((ndo, "invalid len"));
                else {
                        ND_TCHECK2(tptr[0], 4);
-                       ND_PRINT((ndo, "%s", getname(ndo, tptr)));
+                       ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr)));
                }
                break;
        case BGPTYPE_MULTI_EXIT_DISC:
@@ -1424,11 +1470,11 @@ bgp_attr_print(netdissect_options *ndo,
                 if (len == 6) {
                    ND_PRINT((ndo, " AS #%s, origin %s",
                        as_printf(ndo, astostr, sizeof(astostr), EXTRACT_16BITS(tptr)),
-                       getname(ndo, tptr + 2)));
+                       ipaddr_string(ndo, tptr + 2)));
                 } else {
                    ND_PRINT((ndo, " AS #%s, origin %s",
                        as_printf(ndo, astostr, sizeof(astostr),
-                       EXTRACT_32BITS(tptr)), getname(ndo, tptr + 4)));
+                       EXTRACT_32BITS(tptr)), ipaddr_string(ndo, tptr + 4)));
                 }
                 break;
        case BGPTYPE_AGGREGATOR4:
@@ -1438,8 +1484,8 @@ bgp_attr_print(netdissect_options *ndo,
                }
                ND_TCHECK2(tptr[0], 8);
                ND_PRINT((ndo, " AS #%s, origin %s",
-                   as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)),
-                   getname(ndo, tptr + 4)));
+                   as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)),
+                   ipaddr_string(ndo, tptr + 4)));
                break;
        case BGPTYPE_COMMUNITIES:
                if (len % 4) {
@@ -1477,7 +1523,7 @@ bgp_attr_print(netdissect_options *ndo,
                        break;
                }
                ND_TCHECK2(tptr[0], 4);
-                ND_PRINT((ndo, "%s",getname(ndo, tptr)));
+                ND_PRINT((ndo, "%s",ipaddr_string(ndo, tptr)));
                 break;
         case BGPTYPE_CLUSTER_LIST:
                if (len % 4) {
@@ -1487,7 +1533,7 @@ bgp_attr_print(netdissect_options *ndo,
                 while (tlen>0) {
                        ND_TCHECK2(tptr[0], 4);
                         ND_PRINT((ndo, "%s%s",
-                               getname(ndo, tptr),
+                               ipaddr_string(ndo, tptr),
                                 (tlen>4) ? ", " : ""));
                         tlen -=4;
                         tptr +=4;
@@ -1570,7 +1616,7 @@ bgp_attr_print(netdissect_options *ndo,
                                 tlen = 0;
                             } else {
                                 ND_TCHECK2(tptr[0], sizeof(struct in_addr));
-                                ND_PRINT((ndo, "%s",getname(ndo, tptr)));
+                                ND_PRINT((ndo, "%s",ipaddr_string(ndo, tptr)));
                                 tlen -= sizeof(struct in_addr);
                                 tptr += sizeof(struct in_addr);
                             }
@@ -1585,7 +1631,7 @@ bgp_attr_print(netdissect_options *ndo,
                                 ND_TCHECK2(tptr[0], sizeof(struct in_addr)+BGP_VPN_RD_LEN);
                                 ND_PRINT((ndo, "RD: %s, %s",
                                        bgp_vpn_rd_print(ndo, tptr),
-                                       getname(ndo, tptr+BGP_VPN_RD_LEN)));
+                                       ipaddr_string(ndo, tptr+BGP_VPN_RD_LEN)));
                                 tlen -= (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
                                 tptr += (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
                             }
@@ -1599,7 +1645,7 @@ bgp_attr_print(netdissect_options *ndo,
                                 tlen = 0;
                             } else {
                                 ND_TCHECK2(tptr[0], sizeof(struct in6_addr));
-                                ND_PRINT((ndo, "%s", getname6(ndo, tptr)));
+                                ND_PRINT((ndo, "%s", ip6addr_string(ndo, tptr)));
                                 tlen -= sizeof(struct in6_addr);
                                 tptr += sizeof(struct in6_addr);
                             }
@@ -1614,7 +1660,7 @@ bgp_attr_print(netdissect_options *ndo,
                                 ND_TCHECK2(tptr[0], sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
                                 ND_PRINT((ndo, "RD: %s, %s",
                                        bgp_vpn_rd_print(ndo, tptr),
-                                       getname6(ndo, tptr+BGP_VPN_RD_LEN)));
+                                       ip6addr_string(ndo, tptr+BGP_VPN_RD_LEN)));
                                 tlen -= (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
                                 tptr += (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
                             }
@@ -1628,7 +1674,7 @@ bgp_attr_print(netdissect_options *ndo,
                                 tlen = 0;
                             } else {
                                 ND_TCHECK2(tptr[0], sizeof(struct in_addr));
-                                ND_PRINT((ndo, "%s", getname(ndo, tptr)));
+                                ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr)));
                                 tlen -= (sizeof(struct in_addr));
                                 tptr += (sizeof(struct in_addr));
                             }
@@ -1654,11 +1700,13 @@ bgp_attr_print(netdissect_options *ndo,
                                        bgp_vpn_rd_print(ndo, tptr),
                                        isonsap_string(ndo, tptr+BGP_VPN_RD_LEN,tlen-BGP_VPN_RD_LEN)));
                                 /* rfc986 mapped IPv4 address ? */
-                                if (EXTRACT_32BITS(tptr+BGP_VPN_RD_LEN) ==  0x47000601)
-                                    ND_PRINT((ndo, " = %s", getname(ndo, tptr+BGP_VPN_RD_LEN+4)));
+                                if (tlen == BGP_VPN_RD_LEN + 4 + sizeof(struct in_addr)
+                                    && EXTRACT_32BITS(tptr+BGP_VPN_RD_LEN) ==  0x47000601)
+                                    ND_PRINT((ndo, " = %s", ipaddr_string(ndo, tptr+BGP_VPN_RD_LEN+4)));
                                 /* rfc1888 mapped IPv6 address ? */
-                                else if (EXTRACT_24BITS(tptr+BGP_VPN_RD_LEN) ==  0x350000)
-                                    ND_PRINT((ndo, " = %s", getname6(ndo, tptr+BGP_VPN_RD_LEN+3)));
+                                else if (tlen == BGP_VPN_RD_LEN + 3 + sizeof(struct in6_addr)
+                                         && EXTRACT_24BITS(tptr+BGP_VPN_RD_LEN) ==  0x350000)
+                                    ND_PRINT((ndo, " = %s", ip6addr_string(ndo, tptr+BGP_VPN_RD_LEN+3)));
                                 tptr += tlen;
                                 tlen = 0;
                             }
@@ -1693,7 +1741,7 @@ bgp_attr_print(netdissect_options *ndo,
                        ND_PRINT((ndo, ", no SNPA"));
                 }
 
-               while (len - (tptr - pptr) > 0) {
+               while (tptr < pptr + len) {
                     switch (af<<8 | safi) {
                     case (AFNUM_INET<<8 | SAFNUM_UNICAST):
                     case (AFNUM_INET<<8 | SAFNUM_MULTICAST):
@@ -1861,7 +1909,7 @@ bgp_attr_print(netdissect_options *ndo,
 
                tptr += 3;
 
-               while (len - (tptr - pptr) > 0) {
+               while (tptr < pptr + len) {
                     switch (af<<8 | safi) {
                     case (AFNUM_INET<<8 | SAFNUM_UNICAST):
                     case (AFNUM_INET<<8 | SAFNUM_MULTICAST):
@@ -2026,14 +2074,14 @@ bgp_attr_print(netdissect_options *ndo,
                         ND_PRINT((ndo, ": %u:%u (= %s)",
                                EXTRACT_16BITS(tptr+2),
                                EXTRACT_32BITS(tptr+4),
-                               getname(ndo, tptr+4)));
+                               ipaddr_string(ndo, tptr+4)));
                         break;
                     case BGP_EXT_COM_RT_1:
                     case BGP_EXT_COM_RO_1:
                     case BGP_EXT_COM_L2VPN_RT_1:
                     case BGP_EXT_COM_VRF_RT_IMP:
                         ND_PRINT((ndo, ": %s:%u",
-                               getname(ndo, tptr+2),
+                               ipaddr_string(ndo, tptr+2),
                                EXTRACT_16BITS(tptr+6)));
                         break;
                     case BGP_EXT_COM_RT_2:
@@ -2053,12 +2101,12 @@ bgp_attr_print(netdissect_options *ndo,
                     case BGP_EXT_COM_VPN_ORIGIN4:
                     case BGP_EXT_COM_OSPF_RID:
                     case BGP_EXT_COM_OSPF_RID2:
-                        ND_PRINT((ndo, "%s", getname(ndo, tptr+2)));
+                        ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr+2)));
                         break;
                     case BGP_EXT_COM_OSPF_RTYPE:
                     case BGP_EXT_COM_OSPF_RTYPE2:
                         ND_PRINT((ndo, ": area:%s, router-type:%s, metric-type:%s%s",
-                               getname(ndo, tptr+2),
+                               ipaddr_string(ndo, tptr+2),
                                tok2str(bgp_extd_comm_ospf_rtype_values,
                                          "unknown (0x%02x)",
                                          *(tptr+6)),
@@ -2090,11 +2138,11 @@ bgp_attr_print(netdissect_options *ndo,
         {
                 uint8_t tunnel_type, flags;
 
+                ND_TCHECK2(tptr[0], 5);
                 tunnel_type = *(tptr+1);
                 flags = *tptr;
                 tlen = len;
 
-                ND_TCHECK2(tptr[0], 5);
                 ND_PRINT((ndo, "\n\t    Tunnel-type %s (%u), Flags [%s], MPLS Label %u",
                        tok2str(bgp_pmsi_tunnel_values, "Unknown", tunnel_type),
                        tunnel_type,
@@ -2149,36 +2197,42 @@ bgp_attr_print(netdissect_options *ndo,
                uint8_t type;
                uint16_t length;
 
-               ND_TCHECK2(tptr[0], 3);
-
                tlen = len;
 
                while (tlen >= 3) {
 
+                   ND_TCHECK2(tptr[0], 3);
+
                    type = *tptr;
                    length = EXTRACT_16BITS(tptr+1);
+                   tptr += 3;
+                   tlen -= 3;
 
                    ND_PRINT((ndo, "\n\t    %s TLV (%u), length %u",
                              tok2str(bgp_aigp_values, "Unknown", type),
                              type, length));
 
+                   if (length < 3)
+                       goto trunc;
+                   length -= 3;
 
                    /*
                     * Check if we can read the TLV data.
                     */
-                   ND_TCHECK2(tptr[3], length - 3);
+                   ND_TCHECK2(tptr[3], length);
 
                    switch (type) {
 
                    case BGP_AIGP_TLV:
-                       ND_TCHECK2(tptr[3], 8);
+                       if (length < 8)
+                           goto trunc;
                        ND_PRINT((ndo, ", metric %" PRIu64,
-                                 EXTRACT_64BITS(tptr+3)));
+                                 EXTRACT_64BITS(tptr)));
                        break;
 
                    default:
                        if (ndo->ndo_vflag <= 1) {
-                           print_unknown_data(ndo, tptr+3,"\n\t      ", length-3);
+                           print_unknown_data(ndo, tptr,"\n\t      ", length);
                        }
                    }
 
@@ -2230,15 +2284,39 @@ bgp_attr_print(netdissect_options *ndo,
                             ND_PRINT((ndo, "+%x", aflags & 0xf));
                         ND_PRINT((ndo, "]: "));
                     }
-                    /* FIXME check for recursion */
-                    if (!bgp_attr_print(ndo, atype, tptr, alen))
+                    /* The protocol encoding per se allows ATTR_SET to be nested as many times
+                     * as the message can accommodate. This printer used to be able to recurse
+                     * into ATTR_SET contents until the stack exhaustion, but now there is a
+                     * limit on that (if live protocol exchange goes that many levels deep,
+                     * something is probably wrong anyway). Feel free to refine this value if
+                     * you can find the spec with respective normative text.
+                     */
+                    if (attr_set_level == 10)
+                        ND_PRINT((ndo, "(too many nested levels, not recursing)"));
+                    else if (!bgp_attr_print(ndo, atype, tptr, alen, attr_set_level + 1))
                         return 0;
                     tptr += alen;
                     len -= alen;
                }
                 break;
 
-
+       case BGPTYPE_LARGE_COMMUNITY:
+               if (len == 0 || len % 12) {
+                       ND_PRINT((ndo, "invalid len"));
+                       break;
+               }
+               ND_PRINT((ndo, "\n\t    "));
+               while (len > 0) {
+                       ND_TCHECK2(*tptr, 12);
+                       ND_PRINT((ndo, "%u:%u:%u%s",
+                                EXTRACT_32BITS(tptr),
+                                EXTRACT_32BITS(tptr + 4),
+                                EXTRACT_32BITS(tptr + 8),
+                                (len > 12) ? ", " : ""));
+                        tptr += 12;
+                        len -= 12;
+               }
+               break;
        default:
            ND_TCHECK2(*pptr,len);
             ND_PRINT((ndo, "\n\t    no Attribute %u decoder", atype)); /* we have no decoder for the attribute */
@@ -2276,6 +2354,8 @@ bgp_capabilities_print(netdissect_options *ndo,
                 ND_TCHECK2(opt[i+2], cap_len);
                 switch (cap_type) {
                 case BGP_CAPCODE_MP:
+                    /* AFI (16 bits), Reserved (8 bits), SAFI (8 bits) */
+                    ND_TCHECK_8BITS(opt + i + 5);
                     ND_PRINT((ndo, "\n\t\tAFI %s (%u), SAFI %s (%u)",
                            tok2str(af_values, "Unknown",
                                       EXTRACT_16BITS(opt+i+2)),
@@ -2285,12 +2365,15 @@ bgp_capabilities_print(netdissect_options *ndo,
                            opt[i+5]));
                     break;
                 case BGP_CAPCODE_RESTART:
+                    /* Restart Flags (4 bits), Restart Time in seconds (12 bits) */
+                    ND_TCHECK_16BITS(opt + i + 2);
                     ND_PRINT((ndo, "\n\t\tRestart Flags: [%s], Restart Time %us",
                            ((opt[i+2])&0x80) ? "R" : "none",
                            EXTRACT_16BITS(opt+i+2)&0xfff));
                     tcap_len-=2;
                     cap_offset=4;
                     while(tcap_len>=4) {
+                        ND_TCHECK_8BITS(opt + i + cap_offset + 3);
                         ND_PRINT((ndo, "\n\t\t  AFI %s (%u), SAFI %s (%u), Forwarding state preserved: %s",
                                tok2str(af_values,"Unknown",
                                           EXTRACT_16BITS(opt+i+cap_offset)),
@@ -2354,7 +2437,7 @@ bgp_capabilities_print(netdissect_options *ndo,
         return;
 
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static void
@@ -2373,7 +2456,7 @@ bgp_open_print(netdissect_options *ndo,
        ND_PRINT((ndo, "my AS %s, ",
            as_printf(ndo, astostr, sizeof(astostr), ntohs(bgpo.bgpo_myas))));
        ND_PRINT((ndo, "Holdtime %us, ", ntohs(bgpo.bgpo_holdtime)));
-       ND_PRINT((ndo, "ID %s", getname(ndo, (u_char *)&bgpo.bgpo_id)));
+       ND_PRINT((ndo, "ID %s", ipaddr_string(ndo, &bgpo.bgpo_id)));
        ND_PRINT((ndo, "\n\t  Optional parameters, length: %u", bgpo.bgpo_optlen));
 
         /* some little sanity checking */
@@ -2417,7 +2500,7 @@ bgp_open_print(netdissect_options *ndo,
        }
        return;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static void
@@ -2517,7 +2600,7 @@ bgp_update_print(netdissect_options *ndo,
                                goto trunc;
                        if (length < alen)
                                goto trunc;
-                       if (!bgp_attr_print(ndo, atype, p, alen))
+                       if (!bgp_attr_print(ndo, atype, p, alen, 0))
                                goto trunc;
                        p += alen;
                        len -= alen;
@@ -2554,7 +2637,7 @@ bgp_update_print(netdissect_options *ndo,
        }
        return;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static void
@@ -2596,11 +2679,18 @@ bgp_notification_print(netdissect_options *ndo,
                              bgpn.bgpn_minor),
                   bgpn.bgpn_minor));
             break;
+        case BGP_NOTIFY_MAJOR_FSM:
+            ND_PRINT((ndo, " subcode %s (%u)",
+                  tok2str(bgp_notify_minor_fsm_values, "Unknown",
+                             bgpn.bgpn_minor),
+                  bgpn.bgpn_minor));
+            break;
         case BGP_NOTIFY_MAJOR_CAP:
             ND_PRINT((ndo, " subcode %s (%u)",
                   tok2str(bgp_notify_minor_cap_values, "Unknown",
                              bgpn.bgpn_minor),
                   bgpn.bgpn_minor));
+            break;
         case BGP_NOTIFY_MAJOR_CEASE:
             ND_PRINT((ndo, ", subcode %s (%u)",
                   tok2str(bgp_notify_minor_cease_values, "Unknown",
@@ -2628,7 +2718,7 @@ bgp_notification_print(netdissect_options *ndo,
 
        return;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static void
@@ -2662,7 +2752,7 @@ bgp_route_refresh_print(netdissect_options *ndo,
 
         return;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 static int
@@ -2702,7 +2792,7 @@ bgp_header_print(netdissect_options *ndo,
        }
        return 1;
 trunc:
-       ND_PRINT((ndo, "[|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
        return 0;
 }
 
@@ -2751,7 +2841,7 @@ bgp_print(netdissect_options *ndo,
                memcpy(&bgp, p, BGP_SIZE);
 
                if (start != p)
-                       ND_PRINT((ndo, " [|BGP]"));
+                       ND_PRINT((ndo, " %s", tstr));
 
                hlen = ntohs(bgp.bgp_len);
                if (hlen < BGP_SIZE) {
@@ -2777,7 +2867,7 @@ bgp_print(netdissect_options *ndo,
        return;
 
 trunc:
-       ND_PRINT((ndo, " [|BGP]"));
+       ND_PRINT((ndo, "%s", tstr));
 }
 
 /*
[mirror] the TCPdump network dissector