X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/4f16f8793919f4f4049514e007584f5eaf158a53..refs/heads/tcpdump-3.8:/print-bgp.c

diff --git a/print-bgp.c b/print-bgp.c
index 3333eea0..08908019 100644
--- a/print-bgp.c
+++ b/print-bgp.c
@@ -35,8 +35,8 @@
 #endif
 
 #ifndef lint
-static const char rcsid[] =
-     "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.58 2003-01-17 11:07:49 hannes Exp $";
+static const char rcsid[] _U_ =
+     "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.72.2.5 2005-04-27 18:42:28 hannes Exp $";
 #endif
 
 #include <tcpdump-stdinc.h>
@@ -96,7 +96,6 @@ struct bgp_notification {
 	u_int8_t bgpn_type;
 	u_int8_t bgpn_major;
 	u_int8_t bgpn_minor;
-	/* data should follow */
 };
 #define BGP_NOTIFICATION_SIZE		21	/* unaligned */
 
@@ -162,6 +161,27 @@ static struct tok bgp_attr_values[] = {
     { 0, NULL}
 };
 
+#define BGP_AS_SET             1
+#define BGP_AS_SEQUENCE        2
+#define BGP_CONFED_AS_SEQUENCE 3 /* draft-ietf-idr-rfc3065bis-01 */
+#define BGP_CONFED_AS_SET      4 /* draft-ietf-idr-rfc3065bis-01  */
+
+static struct tok bgp_as_path_segment_open_values[] = {
+    { BGP_AS_SEQUENCE,         ""},
+    { BGP_AS_SET,              "{ "},
+    { BGP_CONFED_AS_SEQUENCE,  "( "},
+    { BGP_CONFED_AS_SET,       "({ "},
+    { 0, NULL}
+};
+
+static struct tok bgp_as_path_segment_close_values[] = {
+    { BGP_AS_SEQUENCE,         ""},
+    { BGP_AS_SET,              "}"},
+    { BGP_CONFED_AS_SEQUENCE,  ")"},
+    { BGP_CONFED_AS_SET,       "})"},
+    { 0, NULL}
+};
+
 #define BGP_OPT_AUTH                    1
 #define BGP_OPT_CAP                     2
 
@@ -191,6 +211,7 @@ static struct tok bgp_capcode_values[] = {
 #define BGP_NOTIFY_MAJOR_HOLDTIME       4
 #define BGP_NOTIFY_MAJOR_FSM            5
 #define BGP_NOTIFY_MAJOR_CEASE          6
+#define BGP_NOTIFY_MAJOR_CAP            7
 
 static struct tok bgp_notify_major_values[] = {
     { BGP_NOTIFY_MAJOR_MSG,     "Message Header Error"},
@@ -199,6 +220,20 @@ static struct tok bgp_notify_major_values[] = {
     { BGP_NOTIFY_MAJOR_HOLDTIME,"Hold Timer Expired"},
     { BGP_NOTIFY_MAJOR_FSM,     "Finite State Machine Error"},
     { BGP_NOTIFY_MAJOR_CEASE,   "Cease"},
+    { BGP_NOTIFY_MAJOR_CAP,     "Capability Message Error"},
+    { 0, NULL}
+};
+
+/* draft-ietf-idr-cease-subcode-02 */
+#define BGP_NOTIFY_MINOR_CEASE_MAXPRFX  1
+static struct tok bgp_notify_minor_cease_values[] = {
+    { BGP_NOTIFY_MINOR_CEASE_MAXPRFX, "Maximum Number of Prefixes Reached"},
+    { 2,                        "Administratively Shutdown"},
+    { 3,                        "Peer Unconfigured"},
+    { 4,                        "Administratively Reset"},
+    { 5,                        "Connection Rejected"},
+    { 6,                        "Other Configuration Change"},
+    { 7,                        "Connection Collision Resolution"},
     { 0, NULL}
 };
 
@@ -234,6 +269,14 @@ static struct tok bgp_notify_minor_update_values[] = {
     { 0, NULL}
 };
 
+static struct tok bgp_notify_minor_cap_values[] = {
+    { 1,                        "Invalid Action Value" },
+    { 2,                        "Invalid Capability Length" },
+    { 3,                        "Malformed Capability Value" },
+    { 4,                        "Unsupported Capability Code" },
+    { 0, NULL }
+};
+
 static struct tok bgp_origin_values[] = {
     { 0,                        "IGP"},
     { 1,                        "EGP"},
@@ -252,6 +295,8 @@ static struct tok bgp_origin_values[] = {
 #define SAFNUM_VPNUNICAST               128
 #define SAFNUM_VPNMULTICAST             129
 #define SAFNUM_VPNUNIMULTICAST          130
+/* draft-marques-ppvpn-rt-constrain-01.txt */
+#define SAFNUM_RT_ROUTING_INFO          132
 
 #define BGP_VPN_RD_LEN                  8
 
@@ -264,6 +309,7 @@ static struct tok bgp_safi_values[] = {
     { SAFNUM_VPNUNICAST,        "labeled VPN Unicast"},
     { SAFNUM_VPNMULTICAST,      "labeled VPN Multicast"},
     { SAFNUM_VPNUNIMULTICAST,   "labeled VPN Unicast+Multicast"},
+    { SAFNUM_RT_ROUTING_INFO,   "Route Target Routing Information"},
     { 0, NULL }
 };
 
@@ -312,29 +358,52 @@ static struct tok bgp_afi_values[] = {
     { 0, NULL},
 };
 
-/* Extended community type - draft-ramachandra-bgp-ext-communities */
+/* Extended community type - draft-ietf-idr-bgp-ext-communities-05 */
 #define BGP_EXT_COM_RT_0        0x0002  /* Route Target,Format AS(2bytes):AN(4bytes) */
 #define BGP_EXT_COM_RT_1        0x0102  /* Route Target,Format IP address:AN(2bytes) */
+#define BGP_EXT_COM_RT_2        0x0202  /* Route Target,Format AN(4bytes):local(2bytes) */
 #define BGP_EXT_COM_RO_0        0x0003  /* Route Origin,Format AS(2bytes):AN(4bytes) */
 #define BGP_EXT_COM_RO_1        0x0103  /* Route Origin,Format IP address:AN(2bytes) */
+#define BGP_EXT_COM_RO_2        0x0203  /* Route Origin,Format AN(4bytes):local(2bytes) */
 #define BGP_EXT_COM_LINKBAND    0x4004  /* Link Bandwidth,Format AS(2B):Bandwidth(4B) */
                                         /* rfc2547 bgp-mpls-vpns */
-#define BGP_EXT_COM_VPN_ORIGIN  0x0005  /* OSPF Domain ID / VPN of Origin  */
-                                        /* draft-rosen-vpns-ospf-bgp-mpls */
-#define BGP_EXT_COM_OSPF_RTYPE  0x8000  /* OSPF Route Type,Format Area(4B):RouteType(1B):Options(1B) */
-#define BGP_EXT_COM_OSPF_RID    0x8001  /* OSPF Router ID,Format RouterID(4B):Unused(2B) */
+
+#define BGP_EXT_COM_VPN_ORIGIN  0x0005  /* OSPF Domain ID / VPN of Origin  - draft-rosen-vpns-ospf-bgp-mpls */
+#define BGP_EXT_COM_VPN_ORIGIN2 0x0105  /* duplicate - keep for backwards compatability */
+#define BGP_EXT_COM_VPN_ORIGIN3 0x0205  /* duplicate - keep for backwards compatability */
+#define BGP_EXT_COM_VPN_ORIGIN4 0x8005  /* duplicate - keep for backwards compatability */
+
+#define BGP_EXT_COM_OSPF_RTYPE  0x0306  /* OSPF Route Type,Format Area(4B):RouteType(1B):Options(1B) */
+#define BGP_EXT_COM_OSPF_RTYPE2 0x8000  /* duplicate - keep for backwards compatability */
+
+#define BGP_EXT_COM_OSPF_RID    0x0107  /* OSPF Router ID,Format RouterID(4B):Unused(2B) */
+#define BGP_EXT_COM_OSPF_RID2   0x8001  /* duplicate - keep for backwards compatability */ 
+
 #define BGP_EXT_COM_L2INFO      0x800a  /* draft-kompella-ppvpn-l2vpn */
 
+static struct tok bgp_extd_comm_flag_values[] = {
+    { 0x8000,                  "vendor-specific"},
+    { 0x4000,                  "non-transitive"},
+    { 0, NULL},
+};
+
 static struct tok bgp_extd_comm_subtype_values[] = {
-    { BGP_EXT_COM_RT_0,       "target"},
-    { BGP_EXT_COM_RT_1,       "target"},
-    { BGP_EXT_COM_RO_0,       "origin"},
-    { BGP_EXT_COM_RO_1,       "origin"},
-    { BGP_EXT_COM_LINKBAND,   "link-BW"},
-    { BGP_EXT_COM_VPN_ORIGIN, "ospf-domain"},
-    { BGP_EXT_COM_OSPF_RTYPE, "ospf-route-type"},
-    { BGP_EXT_COM_OSPF_RID,   "ospf-router-id"},
-    { BGP_EXT_COM_L2INFO,     "layer2-info"}, 
+    { BGP_EXT_COM_RT_0,        "target"},
+    { BGP_EXT_COM_RT_1,        "target"},
+    { BGP_EXT_COM_RT_2,        "target"},
+    { BGP_EXT_COM_RO_0,        "origin"},
+    { BGP_EXT_COM_RO_1,        "origin"},
+    { BGP_EXT_COM_RO_2,        "origin"},
+    { BGP_EXT_COM_LINKBAND,    "link-BW"},
+    { BGP_EXT_COM_VPN_ORIGIN,  "ospf-domain"},
+    { BGP_EXT_COM_VPN_ORIGIN2, "ospf-domain"},
+    { BGP_EXT_COM_VPN_ORIGIN3, "ospf-domain"},
+    { BGP_EXT_COM_VPN_ORIGIN4, "ospf-domain"},
+    { BGP_EXT_COM_OSPF_RTYPE,  "ospf-route-type"},
+    { BGP_EXT_COM_OSPF_RTYPE2, "ospf-route-type"},
+    { BGP_EXT_COM_OSPF_RID,    "ospf-router-id"},
+    { BGP_EXT_COM_OSPF_RID2,   "ospf-router-id"},
+    { BGP_EXT_COM_L2INFO,      "layer2-info"}, 
     { 0, NULL},
 };
 
@@ -381,11 +450,13 @@ decode_prefix4(const u_char *pptr, char *buf, u_int buflen)
 	struct in_addr addr;
 	u_int plen;
 
+	TCHECK(pptr[0]);
 	plen = pptr[0];
 	if (32 < plen)
 		return -1;
 
 	memset(&addr, 0, sizeof(addr));
+	TCHECK2(pptr[1], (plen + 7) / 8);
 	memcpy(&addr, &pptr[1], (plen + 7) / 8);
 	if (plen % 8) {
 		((u_char *)&addr)[(plen + 7) / 8 - 1] &=
@@ -393,6 +464,9 @@ decode_prefix4(const u_char *pptr, char *buf, u_int buflen)
 	}
 	snprintf(buf, buflen, "%s/%d", getname((u_char *)&addr), plen);
 	return 1 + (plen + 7) / 8;
+
+trunc:
+	return -2;
 }
 
 static int
@@ -401,6 +475,7 @@ decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen)
 	struct in_addr addr;
 	u_int plen;
 
+	TCHECK(pptr[0]);
 	plen = pptr[0];   /* get prefix length */
 
         /* this is one of the weirdnesses of rfc3107
@@ -417,6 +492,7 @@ decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen)
 		return -1;
 
 	memset(&addr, 0, sizeof(addr));
+	TCHECK2(pptr[4], (plen + 7) / 8);
 	memcpy(&addr, &pptr[4], (plen + 7) / 8);
 	if (plen % 8) {
 		((u_char *)&addr)[(plen + 7) / 8 - 1] &=
@@ -430,8 +506,14 @@ decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen)
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
 
 	return 4 + (plen + 7) / 8;
+
+trunc:
+	return -2;
 }
 
+/* RDs and RTs share the same semantics
+ * we use bgp_vpn_rd_print for
+ * printing route targets inside a NLRI */
 static char *
 bgp_vpn_rd_print (const u_char *pptr) {
 
@@ -443,38 +525,71 @@ bgp_vpn_rd_print (const u_char *pptr) {
 
     /* ok lets load the RD format */
     switch (EXTRACT_16BITS(pptr)) {
+
         /* AS:IP-address fmt*/
     case 0:
-        pos+=sprintf(pos, "%u:%u.%u.%u.%u",
-                     EXTRACT_16BITS(pptr+2),
-                     *(pptr+4),
-                     *(pptr+5),
-                     *(pptr+6),
-                     *(pptr+7));
+        snprintf(pos, sizeof(rd) - (pos - rd), "%u:%u.%u.%u.%u",
+            EXTRACT_16BITS(pptr+2), *(pptr+4), *(pptr+5), *(pptr+6), *(pptr+7));
         break;
         /* IP-address:AS fmt*/
+
     case 1:
-        pos+=sprintf(pos, "%u.%u.%u.%u:%u",
-                     *(pptr+2),
-                     *(pptr+3),
-                     *(pptr+4),
-                     *(pptr+5),
-                     EXTRACT_16BITS(pptr+6));
+        snprintf(pos, sizeof(rd) - (pos - rd), "%u.%u.%u.%u:%u",
+            *(pptr+2), *(pptr+3), *(pptr+4), *(pptr+5), EXTRACT_16BITS(pptr+6));
+        break;
+
+        /* 4-byte-AS:number fmt*/
+    case 2:
+        snprintf(pos, sizeof(rd) - (pos - rd), "%u:%u",
+            EXTRACT_32BITS(pptr+2), EXTRACT_16BITS(pptr+6));
         break;
     default:
-        pos+=sprintf(pos, "unknown RD format");
+        snprintf(pos, sizeof(rd) - (pos - rd), "unknown RD format");
         break;
     }
+    pos += strlen(pos);
     *(pos) = '\0';
     return (rd);
 }
 
+static int
+decode_rt_routing_info(const u_char *pptr, char *buf, u_int buflen)
+{
+	u_int8_t route_target[8];
+	u_int plen;
+
+	TCHECK(pptr[0]);
+	plen = pptr[0];   /* get prefix length */
+
+        plen-=32; /* adjust prefix length */
+
+	if (0 < plen)
+		return -1;
+
+	memset(&route_target, 0, sizeof(route_target));
+	TCHECK2(pptr[1], (plen + 7) / 8);
+	memcpy(&route_target, &pptr[1], (plen + 7) / 8);
+	if (plen % 8) {
+		((u_char *)&route_target)[(plen + 7) / 8 - 1] &=
+			((0xff00 >> (plen % 8)) & 0xff);
+	}
+	snprintf(buf, buflen, "origin AS: %u, route target %s",
+                 EXTRACT_32BITS(pptr+1),
+                 bgp_vpn_rd_print((u_char *)&route_target));
+
+	return 5 + (plen + 7) / 8;
+
+trunc:
+	return -2;
+}
+
 static int
 decode_labeled_vpn_prefix4(const u_char *pptr, char *buf, u_int buflen)
 {
 	struct in_addr addr;
 	u_int plen;
 
+	TCHECK(pptr[0]);
 	plen = pptr[0];   /* get prefix length */
 
         plen-=(24+64); /* adjust prefixlen - labellength - RD len*/
@@ -483,6 +598,7 @@ decode_labeled_vpn_prefix4(const u_char *pptr, char *buf, u_int buflen)
 		return -1;
 
 	memset(&addr, 0, sizeof(addr));
+	TCHECK2(pptr[12], (plen + 7) / 8);
 	memcpy(&addr, &pptr[12], (plen + 7) / 8);
 	if (plen % 8) {
 		((u_char *)&addr)[(plen + 7) / 8 - 1] &=
@@ -497,15 +613,21 @@ decode_labeled_vpn_prefix4(const u_char *pptr, char *buf, u_int buflen)
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
 
 	return 12 + (plen + 7) / 8;
+
+trunc:
+	return -2;
 }
 
 static int
 decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
 {
         int plen,tlen,strlen,tlv_type,tlv_len,ttlv_len;
+
+	TCHECK2(pptr[0], 2);
         plen=EXTRACT_16BITS(pptr);
         tlen=plen;
         pptr+=2;
+	TCHECK2(pptr[0],15);
         strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u",
                         bgp_vpn_rd_print(pptr),
                         EXTRACT_16BITS(pptr+8),
@@ -516,6 +638,9 @@ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
 
         /* ok now the variable part - lets read out TLVs*/
         while (tlen>0) {
+            if (tlen < 3)
+                return -1;
+            TCHECK2(pptr[0], 3);
             tlv_type=*pptr++;
             tlv_len=EXTRACT_16BITS(pptr);
             ttlv_len=tlv_len;
@@ -528,6 +653,7 @@ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
                                  tlv_len);
                 ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */
                 while (ttlv_len>0) {
+                    TCHECK(pptr[0]);
                     strlen+=snprintf(buf+strlen,buflen-strlen, "%02x",*pptr++);
                     ttlv_len--;
                 }
@@ -541,6 +667,9 @@ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
             tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it tright */
         }
         return plen+2;
+
+trunc:
+        return -2;
 }
 
 #ifdef INET6
@@ -550,11 +679,13 @@ decode_prefix6(const u_char *pd, char *buf, u_int buflen)
 	struct in6_addr addr;
 	u_int plen;
 
+	TCHECK(pd[0]);
 	plen = pd[0];
 	if (128 < plen)
 		return -1;
 
 	memset(&addr, 0, sizeof(addr));
+	TCHECK2(pd[1], (plen + 7) / 8);
 	memcpy(&addr, &pd[1], (plen + 7) / 8);
 	if (plen % 8) {
 		addr.s6_addr[(plen + 7) / 8 - 1] &=
@@ -562,6 +693,9 @@ decode_prefix6(const u_char *pd, char *buf, u_int buflen)
 	}
 	snprintf(buf, buflen, "%s/%d", getname6((u_char *)&addr), plen);
 	return 1 + (plen + 7) / 8;
+
+trunc:
+	return -2;
 }
 
 static int
@@ -570,6 +704,7 @@ decode_labeled_prefix6(const u_char *pptr, char *buf, u_int buflen)
 	struct in6_addr addr;
 	u_int plen;
 
+	TCHECK(pptr[0]);
 	plen = pptr[0]; /* get prefix length */
         plen-=24; /* adjust prefixlen - labellength */
 
@@ -577,6 +712,7 @@ decode_labeled_prefix6(const u_char *pptr, char *buf, u_int buflen)
 		return -1;
 
 	memset(&addr, 0, sizeof(addr));
+	TCHECK2(pptr[4], (plen + 7) / 8);
 	memcpy(&addr, &pptr[4], (plen + 7) / 8);
 	if (plen % 8) {
 		addr.s6_addr[(plen + 7) / 8 - 1] &=
@@ -590,6 +726,9 @@ decode_labeled_prefix6(const u_char *pptr, char *buf, u_int buflen)
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
 
 	return 4 + (plen + 7) / 8;
+
+trunc:
+	return -2;
 }
 
 static int
@@ -598,6 +737,7 @@ decode_labeled_vpn_prefix6(const u_char *pptr, char *buf, u_int buflen)
 	struct in6_addr addr;
 	u_int plen;
 
+	TCHECK(pptr[0]);
 	plen = pptr[0];   /* get prefix length */
 
         plen-=(24+64); /* adjust prefixlen - labellength - RD len*/
@@ -606,6 +746,7 @@ decode_labeled_vpn_prefix6(const u_char *pptr, char *buf, u_int buflen)
 		return -1;
 
 	memset(&addr, 0, sizeof(addr));
+	TCHECK2(pptr[12], (plen + 7) / 8);
 	memcpy(&addr, &pptr[12], (plen + 7) / 8);
 	if (plen % 8) {
 		addr.s6_addr[(plen + 7) / 8 - 1] &=
@@ -620,16 +761,22 @@ decode_labeled_vpn_prefix6(const u_char *pptr, char *buf, u_int buflen)
                  ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" );
 
 	return 12 + (plen + 7) / 8;
+
+trunc:
+	return -2;
 }
 #endif
 
-static void
+static int
 bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 {
 	int i;
 	u_int16_t af;
 	u_int8_t safi, snpa;
-        float bw; /* copy buffer for bandwidth values */
+        union { /* copy buffer for bandwidth values */
+            float f; 
+            u_int32_t i;
+        } bw;
 	int advance;
 	int tlen;
 	const u_char *tptr;
@@ -642,8 +789,10 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 	case BGPTYPE_ORIGIN:
 		if (len != 1)
 			printf("invalid len");
-		else
+		else {
+			TCHECK(*tptr);
 			printf("%s", tok2str(bgp_origin_values, "Unknown Origin Typecode", tptr[0]));
+		}
 		break;
 	case BGPTYPE_AS_PATH:
 		if (len % 2) {
@@ -654,35 +803,36 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 			printf("empty");
 			break;
                 }
+
 		while (tptr < pptr + len) {
-			/*
-			 * under RFC1965, p[0] means:
-			 * 1: AS_SET 2: AS_SEQUENCE
-			 * 3: AS_CONFED_SET 4: AS_CONFED_SEQUENCE
-			 */
-			if (tptr[0] == 3 || tptr[0] == 4)
-				printf("confed");
-			printf("%s", (tptr[0] & 1) ? "{" : "");
-			for (i = 0; i < tptr[1] * 2; i += 2) {
-				printf("%s%u", i == 0 ? "" : " ",
-					EXTRACT_16BITS(&tptr[2 + i]));
-			}
-			printf("%s", (tptr[0] & 1) ? "}" : "");
-			tptr += 2 + tptr[1] * 2;
+			TCHECK(tptr[0]);
+                        printf("%s", tok2str(bgp_as_path_segment_open_values, "?", tptr[0]));
+                        for (i = 0; i < tptr[1] * 2; i += 2) {
+                            TCHECK2(tptr[2 + i], 2);
+                            printf("%u ", EXTRACT_16BITS(&tptr[2 + i]));
+                        }
+			TCHECK(tptr[0]);
+                        printf("%s", tok2str(bgp_as_path_segment_close_values, "?", tptr[0]));
+                        TCHECK(tptr[1]);
+                        tptr += 2 + tptr[1] * 2;
 		}
 		break;
 	case BGPTYPE_NEXT_HOP:
 		if (len != 4)
 			printf("invalid len");
-		else
+		else {
+			TCHECK2(tptr[0], 4);
 			printf("%s", getname(tptr));
+		}
 		break;
 	case BGPTYPE_MULTI_EXIT_DISC:
 	case BGPTYPE_LOCAL_PREF:
 		if (len != 4)
 			printf("invalid len");
-		else
+		else {
+			TCHECK2(tptr[0], 4);
 			printf("%u", EXTRACT_32BITS(tptr));
+		}
 		break;
 	case BGPTYPE_ATOMIC_AGGREGATE:
 		if (len != 0)
@@ -693,6 +843,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 			printf("invalid len");
 			break;
 		}
+		TCHECK2(tptr[0], 6);
 		printf(" AS #%u, origin %s", EXTRACT_16BITS(tptr),
 			getname(tptr + 2));
 		break;
@@ -703,6 +854,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 		}
 		while (tlen>0) {
 			u_int32_t comm;
+			TCHECK2(tptr[0], 4);
 			comm = EXTRACT_32BITS(tptr);
 			switch (comm) {
 			case BGP_COMMUNITY_NO_EXPORT:
@@ -730,10 +882,16 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 			printf("invalid len");
 			break;
 		}
+		TCHECK2(tptr[0], 4);
                 printf("%s",getname(tptr));
                 break;
         case BGPTYPE_CLUSTER_LIST:
+		if (len % 4) {
+			printf("invalid len");
+			break;
+		}
                 while (tlen>0) {
+			TCHECK2(tptr[0], 4);
                         printf("%s%s",
                                getname(tptr),
                                 (tlen>4) ? ", " : "");
@@ -742,6 +900,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                 }
                 break;
 	case BGPTYPE_MP_REACH_NLRI:
+		TCHECK2(tptr[0], 3);
 		af = EXTRACT_16BITS(tptr);
 		safi = tptr[2];
 	
@@ -767,6 +926,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 
                 tptr +=3;
 
+		TCHECK(tptr[0]);
 		tlen = tptr[0];
                 tptr++;
 
@@ -780,23 +940,39 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                                     case SAFNUM_MULTICAST:
                                     case SAFNUM_UNIMULTICAST:
                                     case SAFNUM_LABUNICAST:
-					printf("%s",getname(tptr));
-					tlen -= sizeof(struct in_addr);
-                                        tptr += sizeof(struct in_addr);
+                                    case SAFNUM_RT_ROUTING_INFO:
+					if (tlen < (int)sizeof(struct in_addr)) {
+					    printf("invalid len");
+					    tlen = 0;
+					} else {
+					    TCHECK2(tptr[0], sizeof(struct in_addr));
+					    printf("%s",getname(tptr));
+					    tlen -= sizeof(struct in_addr);
+					    tptr += sizeof(struct in_addr);
+					}
 					break;
                                     case SAFNUM_VPNUNICAST:
                                     case SAFNUM_VPNMULTICAST:
                                     case SAFNUM_VPNUNIMULTICAST:
-                                        printf("RD: %s, %s",
+					if (tlen < (int)(sizeof(struct in_addr)+BGP_VPN_RD_LEN)) {
+					    printf("invalid len");
+					    tlen = 0;
+					} else {
+					    TCHECK2(tptr[0], sizeof(struct in_addr)+BGP_VPN_RD_LEN);
+					    printf("RD: %s, %s",
                                                bgp_vpn_rd_print(tptr),
                                                getname(tptr+BGP_VPN_RD_LEN));
-					tlen -= (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
-                                        tptr += (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
+					    tlen -= (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
+					    tptr += (sizeof(struct in_addr)+BGP_VPN_RD_LEN);
+					}
                                         break;
                                     default:
-                                        printf("no SAFI %u decoder",safi);                                        
+                                        TCHECK2(tptr[0], tlen);
+                                        printf("no SAFI %u decoder",safi);
                                         if (vflag <= 1)
                                             print_unknown_data(tptr,"\n\t    ",tlen);
+                                        tptr += tlen;
+                                        tlen = 0;
                                         break;
                                     }
                                     break;
@@ -807,23 +983,39 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                                     case SAFNUM_MULTICAST:
                                     case SAFNUM_UNIMULTICAST:
                                     case SAFNUM_LABUNICAST:
-                                        printf("%s", getname6(tptr));
-                                        tlen -= sizeof(struct in6_addr);
-                                        tptr += sizeof(struct in6_addr);
+                                    case SAFNUM_RT_ROUTING_INFO:
+					if (tlen < (int)sizeof(struct in6_addr)) {
+					    printf("invalid len");
+					    tlen = 0;
+					} else {
+					    TCHECK2(tptr[0], sizeof(struct in6_addr));
+					    printf("%s", getname6(tptr));
+					    tlen -= sizeof(struct in6_addr);
+					    tptr += sizeof(struct in6_addr);
+					}
                                         break;
                                     case SAFNUM_VPNUNICAST:
                                     case SAFNUM_VPNMULTICAST:
                                     case SAFNUM_VPNUNIMULTICAST:
-                                        printf("RD: %s, %s",
+					if (tlen < (int)(sizeof(struct in6_addr)+BGP_VPN_RD_LEN)) {
+					    printf("invalid len");
+					    tlen = 0;
+					} else {
+					    TCHECK2(tptr[0], sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
+					    printf("RD: %s, %s",
                                                bgp_vpn_rd_print(tptr),
                                                getname6(tptr+BGP_VPN_RD_LEN));
-					tlen -= (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
-                                        tptr += (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
+					    tlen -= (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
+					    tptr += (sizeof(struct in6_addr)+BGP_VPN_RD_LEN);
+					}
                                         break;
                                     default:
+                                        TCHECK2(tptr[0], tlen);
                                         printf("no SAFI %u decoder",safi);
                                         if (vflag <= 1)
                                             print_unknown_data(tptr,"\n\t    ",tlen);                                        
+                                        tptr += tlen;
+                                        tlen = 0;
                                         break;
                                     }
                                     break;
@@ -833,39 +1025,53 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                                     case SAFNUM_VPNUNICAST:
                                     case SAFNUM_VPNMULTICAST:
                                     case SAFNUM_VPNUNIMULTICAST:
-                                        printf("%s", getname(tptr));
-					tlen -= (sizeof(struct in_addr));
-                                        tptr += (sizeof(struct in_addr));
-                                        break;                                   
+					if (tlen < (int)sizeof(struct in_addr)) {
+					    printf("invalid len");
+					    tlen = 0;
+					} else {
+					    TCHECK2(tptr[0], sizeof(struct in_addr));
+					    printf("%s", getname(tptr));
+					    tlen -= (sizeof(struct in_addr));
+					    tptr += (sizeof(struct in_addr));
+					}
+                                        break;
                                    default:
+                                        TCHECK2(tptr[0], tlen);
                                         printf("no SAFI %u decoder",safi);
                                         if (vflag <= 1)
                                             print_unknown_data(tptr,"\n\t    ",tlen);                                        
+                                        tptr += tlen;
+                                        tlen = 0;
                                         break;
                                    }
                                    break;
 
 				default:
+                                    TCHECK2(tptr[0], tlen);
                                     printf("no AFI %u decoder",af);
                                     if (vflag <= 1)
                                       print_unknown_data(tptr,"\n\t    ",tlen);
+                                    tptr += tlen;
+                                    tlen = 0;
                                     break;
 				}
 			}
 		}
 		tptr += tlen;
 
+		TCHECK(tptr[0]);
 		snpa = tptr[0];
 		tptr++;
 
 		if (snpa) {
 			printf("\n\t    %u SNPA", snpa);
 			for (/*nothing*/; snpa > 0; snpa--) {
+				TCHECK(tptr[0]);
 				printf("\n\t      %d bytes", tptr[0]);
 				tptr += tptr[0] + 1;
 			}
 		} else {
-                printf(", no SNPA");
+			printf(", no SNPA");
                 }
 
 		while (len - (tptr - pptr) > 0) {
@@ -876,22 +1082,44 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_MULTICAST:
                             case SAFNUM_UNIMULTICAST:
                                 advance = decode_prefix4(tptr, buf, sizeof(buf));
-	                        if (advance >= 0)
+				if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+	                        else if (advance == -2)
+                                        goto trunc;
+	                        else
                                 	printf("\n\t      %s", buf);
-				else 
-	                                printf("\n\t    (illegal prefix length)");
                                 break;
                             case SAFNUM_LABUNICAST:
                                 advance = decode_labeled_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+				if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+	                        else if (advance == -2)
+                                        goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);
                                 break;
                             case SAFNUM_VPNUNICAST:
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
                                 advance = decode_labeled_vpn_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+				if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+	                        else if (advance == -2)
+                                        goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);
+                                break;
+                            case SAFNUM_RT_ROUTING_INFO:
+                                advance = decode_rt_routing_info(tptr, buf, sizeof(buf));
+				if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+	                        else if (advance == -2)
+                                        goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);
                                 break;
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("\n\t      no SAFI %u decoder",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -907,19 +1135,44 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_MULTICAST:
                             case SAFNUM_UNIMULTICAST:
 				advance = decode_prefix6(tptr, buf, sizeof(buf));
-				printf("\n\t      %s", buf);
+				if (advance == -1)
+					printf("\n\t    (illegal prefix length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+					printf("\n\t      %s", buf);
 				break;
                             case SAFNUM_LABUNICAST:
                                 advance = decode_labeled_prefix6(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+				if (advance == -1)
+					printf("\n\t    (illegal prefix length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+					printf("\n\t      %s", buf);
                                 break;
                             case SAFNUM_VPNUNICAST:
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
                                 advance = decode_labeled_vpn_prefix6(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+				if (advance == -1)
+					printf("\n\t    (illegal prefix length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+					printf("\n\t      %s", buf);
+                                break;
+                            case SAFNUM_RT_ROUTING_INFO:
+                                advance = decode_rt_routing_info(tptr, buf, sizeof(buf));
+				if (advance == -1)
+					printf("\n\t    (illegal prefix length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+					printf("\n\t      %s", buf);
                                 break;
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("\n\t      no SAFI %u decoder ",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -935,12 +1188,18 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
 				advance = decode_labeled_vpn_l2(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);         
+				if (advance == -1)
+					printf("\n\t    (illegal length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);         
                                 break;                                   
                             default:
+                                TCHECK2(*tptr,tlen);
                                 printf("no SAFI %u decoder",safi);
                                 if (vflag <= 1)
-                                    print_unknown_data(tptr,"\n\t    ",tlen);                                        
+                                    print_unknown_data(tptr,"\n\t    ",tlen);
                                 advance = 0;
 				tptr = pptr + len;
                                 break;
@@ -949,6 +1208,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 
 
 			default:
+                            TCHECK2(*(tptr-3),tlen);
                             printf("\n\t      no AFI %u decoder ",af);
                             if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -956,11 +1216,14 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             tptr = pptr + len;
                             break;
 			}
+                        if (advance < 0) /* infinite loop protection */
+                            break;
 			tptr += advance;
 		}
 		break;
 
 	case BGPTYPE_MP_UNREACH_NLRI:
+		TCHECK2(tptr[0], 3);
 		af = EXTRACT_16BITS(tptr);
 		safi = tptr[2];
 
@@ -981,22 +1244,35 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_MULTICAST:
                             case SAFNUM_UNIMULTICAST:
                                 advance = decode_prefix4(tptr, buf, sizeof(buf));
-	                        if (advance >= 0) 
+				if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+	                        else if (advance == -2)
+                                        goto trunc;
+	                        else
                                 	printf("\n\t      %s", buf);
-				else
-	                                printf("\n\t    (illegal prefix length)");
                                 break;
                             case SAFNUM_LABUNICAST:
                                 advance = decode_labeled_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+				if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+	                        else if (advance == -2)
+                                        goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);
                                 break;
                             case SAFNUM_VPNUNICAST:
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
                                 advance = decode_labeled_vpn_prefix4(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+				if (advance == -1)
+                                        printf("\n\t    (illegal prefix length)");
+	                        else if (advance == -2)
+                                        goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);
                                 break;
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("\n\t      no SAFI %u decoder",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -1013,19 +1289,35 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_MULTICAST:
                             case SAFNUM_UNIMULTICAST:
 				advance = decode_prefix6(tptr, buf, sizeof(buf));
-				printf("\n\t      %s", buf);
+				if (advance == -1)
+					printf("\n\t    (illegal prefix length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+					printf("\n\t      %s", buf);
 				break;
                             case SAFNUM_LABUNICAST:
                                 advance = decode_labeled_prefix6(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+				if (advance == -1)
+					printf("\n\t    (illegal prefix length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);
                                 break;
                             case SAFNUM_VPNUNICAST:
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
                                 advance = decode_labeled_vpn_prefix6(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);
+				if (advance == -1)
+					printf("\n\t    (illegal prefix length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);
                                 break;
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("\n\t      no SAFI %u decoder",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -1042,9 +1334,15 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             case SAFNUM_VPNMULTICAST:
                             case SAFNUM_VPNUNIMULTICAST:
 				advance = decode_labeled_vpn_l2(tptr, buf, sizeof(buf));
-                                printf("\n\t      %s", buf);         
+				if (advance == -1)
+					printf("\n\t    (illegal length)");
+				else if (advance == -2)
+					goto trunc;
+	                        else
+                                        printf("\n\t      %s", buf);         
                                 break;                                   
                             default:
+                                TCHECK2(*(tptr-3),tlen);
                                 printf("no SAFI %u decoder",safi);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);                                        
@@ -1055,6 +1353,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                             break;
 
 			default:
+				TCHECK2(*(tptr-3),tlen);
 				printf("\n\t    no AFI %u decoder",af);
                                 if (vflag <= 1)
                                     print_unknown_data(tptr-3,"\n\t    ",tlen);
@@ -1073,70 +1372,60 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 		}
                 while (tlen>0) {
                     u_int16_t extd_comm;
+
+                    TCHECK2(tptr[0], 2);
                     extd_comm=EXTRACT_16BITS(tptr);
+
+		    printf("\n\t    %s (0x%04x), Flags [%s]",
+			   tok2str(bgp_extd_comm_subtype_values, "unknown extd community typecode", extd_comm),
+			   extd_comm,
+			   bittok2str(bgp_extd_comm_flag_values, "none", extd_comm));
+
+                    TCHECK2(*(tptr+2), 6);
                     switch(extd_comm) {
                     case BGP_EXT_COM_RT_0:
                     case BGP_EXT_COM_RO_0:
-                        printf("\n\t    %s%s%s:%u:%s",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
+                        printf(": %u:%s",
                                EXTRACT_16BITS(tptr+2),
                                getname(tptr+4));
                         break;
                     case BGP_EXT_COM_RT_1:
                     case BGP_EXT_COM_RO_1:
-                        printf("\n\t    %s%s%s:%s:%u",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
+                        printf(": %s:%u",
                                getname(tptr+2),
                                EXTRACT_16BITS(tptr+6));
                         break;
+                    case BGP_EXT_COM_RT_2:
+                    case BGP_EXT_COM_RO_2:
+                        printf(": %u:%u",
+                               EXTRACT_32BITS(tptr+2),
+                               EXTRACT_16BITS(tptr+6));
+                        break;
                     case BGP_EXT_COM_LINKBAND:
-                        memcpy (&bw, tptr+2, 4);
-                        printf("\n\t    %s%s%s:bandwidth: %.3f Mbps",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
-                               bw*8/1000000);
+		        bw.i = EXTRACT_32BITS(tptr+2);
+                        printf(": bandwidth: %.3f Mbps",
+                               bw.f*8/1000000);
                         break;
                     case BGP_EXT_COM_VPN_ORIGIN:
+                    case BGP_EXT_COM_VPN_ORIGIN2:
+                    case BGP_EXT_COM_VPN_ORIGIN3:
+                    case BGP_EXT_COM_VPN_ORIGIN4:
                     case BGP_EXT_COM_OSPF_RID:
-                        printf("\n\t    %s%s%s:%s",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
-                               getname(tptr+2));
+                    case BGP_EXT_COM_OSPF_RID2:
+                        printf("%s", getname(tptr+2));
                         break;
-                    case BGP_EXT_COM_OSPF_RTYPE: 
-                        printf("\n\t    %s%s%s, area:%s, router-type:%s, metric-type:%s%s",
-                               (extd_comm&0x8000) ? "vendor-specific: " : "",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
+                    case BGP_EXT_COM_OSPF_RTYPE:
+                    case BGP_EXT_COM_OSPF_RTYPE2: 
+                        printf(": area:%s, router-type:%s, metric-type:%s%s",
                                getname(tptr+2),
                                tok2str(bgp_extd_comm_ospf_rtype_values,
-                                       "unknown",
-                                       extd_comm),
+                                       "unknown (0x%02x)",
+                                       *(tptr+6)),
                                (*(tptr+7) &  BGP_OSPF_RTYPE_METRIC_TYPE) ? "E2" : "",
                                (*(tptr+6) == (BGP_OSPF_RTYPE_EXT ||BGP_OSPF_RTYPE_NSSA )) ? "E1" : "");
                         break;
                     case BGP_EXT_COM_L2INFO:
-                        printf("\n\t    %s%s:%s:Control Flags [0x%02x]:MTU %u",
-                               (extd_comm&0x4000) ? "non-transitive: " : "",
-                               tok2str(bgp_extd_comm_subtype_values,
-                                       "unknown",
-                                       extd_comm),
+                        printf(": %s Control Flags [0x%02x]:MTU %u",
                                tok2str(bgp_l2vpn_encaps_values,
                                        "unknown encaps",
                                        *(tptr+2)),
@@ -1144,8 +1433,6 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                                EXTRACT_16BITS(tptr+4));
                         break;
                     default:
-                        printf("\n\t      no typecode %u decoder",
-                               extd_comm);
                         print_unknown_data(tptr,"\n\t      ",8);
                         break;
                     }
@@ -1155,6 +1442,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
                 break;
 
 	default:
+	    TCHECK2(*pptr,len);
             printf("\n\t    no Attribute %u decoder",attr->bgpa_type); /* we have no decoder for the attribute */
             if (vflag <= 1)
                 print_unknown_data(pptr,"\n\t    ",len);
@@ -1162,6 +1450,10 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len)
 	}
         if (vflag > 1 && len) /* omit zero length attributes*/
             print_unknown_data(pptr,"\n\t    ",len);
+        return 1;
+
+trunc:
+        return 0;
 }
 
 static void
@@ -1302,12 +1594,14 @@ bgp_update_print(const u_char *dat, int length)
 
 		while(i < 2 + len) {
 			wpfx = decode_prefix4(&p[i], buf, sizeof(buf));
-			if (wpfx >= 0) {
-				i += wpfx;
-				printf("\n\t    %s", buf);
-			} else {
+			if (wpfx == -1) {
 				printf("\n\t    (illegal prefix length)");
 				break;
+			} else if (wpfx == -2)
+				goto trunc;
+			else {
+				i += wpfx;
+				printf("\n\t    %s", buf);
 			}
 		}
 #endif
@@ -1333,7 +1627,7 @@ bgp_update_print(const u_char *dat, int length)
                               alen);
 
 			if (bgpa.bgpa_flags) {
-				printf(", flags [%s%s%s%s",
+				printf(", Flags [%s%s%s%s",
 					bgpa.bgpa_flags & 0x80 ? "O" : "",
 					bgpa.bgpa_flags & 0x40 ? "T" : "",
 					bgpa.bgpa_flags & 0x20 ? "P" : "",
@@ -1342,7 +1636,8 @@ bgp_update_print(const u_char *dat, int length)
 					printf("+%x", bgpa.bgpa_flags & 0xf);
 				printf("]: ");
 			}
-			bgp_attr_print(&bgpa, &p[i + aoff], alen);
+			if (!bgp_attr_print(&bgpa, &p[i + aoff], alen))
+				goto trunc;
 			i += aoff + alen;
 		}
 	}
@@ -1353,12 +1648,13 @@ bgp_update_print(const u_char *dat, int length)
 		while (dat + length > p) {
 			char buf[MAXHOSTNAMELEN + 100];
 			i = decode_prefix4(p, buf, sizeof(buf));
-			if (i >= 0) {
+			if (i == -1)
+				printf("\n\t    (illegal prefix length)");
+			else if (i == -2)
+				goto trunc;
+			else {
 				printf("\n\t    %s", buf);
 				p += i;
-			} else {
-				printf("\n\t    (illegal prefix length)");
-				break;
 			}
 		}
 	}
@@ -1372,6 +1668,7 @@ bgp_notification_print(const u_char *dat, int length)
 {
 	struct bgp_notification bgpn;
 	int hlen;
+	const u_char *tptr;
 
 	TCHECK2(dat[0], BGP_NOTIFICATION_SIZE);
 	memcpy(&bgpn, dat, BGP_NOTIFICATION_SIZE);
@@ -1381,18 +1678,49 @@ bgp_notification_print(const u_char *dat, int length)
         if (length<BGP_NOTIFICATION_SIZE)
             return;
 
-	printf(", Error - %s", tok2str(bgp_notify_major_values, "Unknown", bgpn.bgpn_major));
+	printf(", %s (%u)",
+	       tok2str(bgp_notify_major_values, "Unknown Error", bgpn.bgpn_major),
+	       bgpn.bgpn_major);
 
         switch (bgpn.bgpn_major) {
 
         case BGP_NOTIFY_MAJOR_MSG:
-            printf(" subcode %s", tok2str(bgp_notify_minor_msg_values, "Unknown", bgpn.bgpn_minor));
+            printf(", subcode %s (%u)",
+		   tok2str(bgp_notify_minor_msg_values, "Unknown", bgpn.bgpn_minor),
+		   bgpn.bgpn_minor);
             break;
         case BGP_NOTIFY_MAJOR_OPEN:
-            printf(" subcode %s", tok2str(bgp_notify_minor_open_values, "Unknown", bgpn.bgpn_minor));
+            printf(", subcode %s (%u)",
+		   tok2str(bgp_notify_minor_open_values, "Unknown", bgpn.bgpn_minor),
+		   bgpn.bgpn_minor);
             break;
         case BGP_NOTIFY_MAJOR_UPDATE:
-            printf(" subcode %s", tok2str(bgp_notify_minor_update_values, "Unknown", bgpn.bgpn_minor));
+            printf(", subcode %s (%u)",
+		   tok2str(bgp_notify_minor_update_values, "Unknown", bgpn.bgpn_minor),
+		   bgpn.bgpn_minor);
+            break;
+        case BGP_NOTIFY_MAJOR_CAP:
+            printf(" subcode %s (%u)",
+		   tok2str(bgp_notify_minor_cap_values, "Unknown", bgpn.bgpn_minor),
+		   bgpn.bgpn_minor);
+        case BGP_NOTIFY_MAJOR_CEASE:
+            printf(", subcode %s (%u)",
+		   tok2str(bgp_notify_minor_cease_values, "Unknown", bgpn.bgpn_minor),
+		   bgpn.bgpn_minor);
+
+	    /* draft-ietf-idr-cease-subcode-02 mentions optionally 7 bytes
+             * for the maxprefix subtype, which may contain AFI, SAFI and MAXPREFIXES
+             */
+	    if(bgpn.bgpn_minor == BGP_NOTIFY_MINOR_CEASE_MAXPRFX && length >= BGP_NOTIFICATION_SIZE + 7) {
+		tptr = dat + BGP_NOTIFICATION_SIZE;
+		TCHECK2(*tptr, 7);
+		printf(", AFI %s (%u), SAFI %s (%u), Max Prefixes: %u",
+		       tok2str(bgp_afi_values, "Unknown", EXTRACT_16BITS(tptr)),
+		       EXTRACT_16BITS(tptr),
+		       tok2str(bgp_safi_values, "Unknown", *(tptr+2)),
+		       *(tptr+2),
+		       EXTRACT_32BITS(tptr+3));
+	    }
             break;
         default:
             break;
@@ -1423,7 +1751,7 @@ bgp_route_refresh_print(const u_char *pptr, int len) {
         return;
 }
 
-static void
+static int
 bgp_header_print(const u_char *dat, int length)
 {
 	struct bgp bgp;
@@ -1456,9 +1784,10 @@ bgp_header_print(const u_char *dat, int length)
             print_unknown_data(dat,"\n\t  ",length);
                 break;
 	}
-	return;
+	return 1;
 trunc:
 	printf("[|BGP]");
+	return 0;
 }
 
 void
@@ -1508,9 +1837,15 @@ bgp_print(const u_char *dat, int length)
 			printf(" [|BGP]");
 
 		hlen = ntohs(bgp.bgp_len);
+		if (hlen < BGP_SIZE) {
+			printf("\n[|BGP Bogus header length %u < %u]", hlen,
+			    BGP_SIZE);
+			break;
+		}
 
 		if (TTEST2(p[0], hlen)) {
-			bgp_header_print(p, hlen);
+			if (!bgp_header_print(p, hlen))
+				return;
 			p += hlen;
 			start = p;
 		} else {
@@ -1524,14 +1859,3 @@ bgp_print(const u_char *dat, int length)
 trunc:
 	printf(" [|BGP]");
 }
-
-
-
-
-
-
-
-
-
-
-