BGPLG(8) | System Manager's Manual | BGPLG(8)

bgplg — looking glass for the OpenBSD Border Gateway Protocol daemon

bgplg

The bgplg CGI program is a looking glass for the bgpd(8) Border Gateway Protocol daemon. The looking glass will provide a simple web interface with read-only access to a restricted set of bgpd(8) and system status information, which is typically used on route servers by Internet Service Providers (ISPs) and Internet eXchange points (IXs). It is intended to be used in a chroot(2) environment in /var/www.

bgplg is disabled by default. It requires four steps to enable the looking glass:

bgplg CGI program and the additional statically linked programs that have been installed into the chroot(2) environment. For example, to allow execution of bgplg and the statically-linked version of bgpctl(8):

    # chmod 0555 /var/www/cgi-bin/bgplg
    # chmod 0555 /var/www/bin/bgpctl

External commands like ping(8) and others will be hidden from the looking glass command list unless given the correct permissions. See the FILES section below for the list of installed programs.

    # mkdir /var/www/etc
    # cp /etc/resolv.conf /var/www/etc

For example, add the following to /etc/bgpd.conf to have bgpd(8) open a second, restricted, control socket:

    socket "/var/www/run/bgpd.rsock" restricted

server section in httpd.conf(5). For example:

    ext_addr="0.0.0.0"
    server "lg.example.net" {
            listen on $ext_addr port 80
            location "/cgi-bin/*" {
                    fastcgi
                    root ""
            }
    }

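An added example, not part of the original manual page: a POSIX shell audit of the settings shown above (the modes of bgplg and bgpctl, the copied resolv.conf, and the restricted socket line in bgpd.conf). The function names and the FAIL output format are assumptions of this example; the paths are the ones used in the examples on this page.

```shell
#!/bin/sh
# Added example: audit a bgplg chroot. Function names are hypothetical.

# True if $1 is a regular file that everyone can read and execute (0555 or
# more, so set-user-ID variants pass) and that group/other cannot write.
lg_exec_ok() {
	[ -f "$1" ] || return 1
	[ -n "$(find "$1" -prune -perm -0555 ! -perm -0020 ! -perm -0002)" ]
}

# True if bgpd.conf ($1) declares socket path $2 with the "restricted" keyword.
lg_socket_restricted() {
	awk -v s="\"$2\"" '
		$1 == "socket" && $2 == s && $3 == "restricted" { ok = 1 }
		END { exit !ok }' "$1"
}

# Print one FAIL line per finding; the return status is the finding count.
lg_audit() {
	root=$1 conf=$2 n=0
	for f in cgi-bin/bgplg bin/bgpctl; do
		lg_exec_ok "$root/$f" || { echo "FAIL mode $root/$f"; n=$((n + 1)); }
	done
	[ -s "$root/etc/resolv.conf" ] ||
		{ echo "FAIL missing $root/etc/resolv.conf"; n=$((n + 1)); }
	lg_socket_restricted "$conf" "$root/run/bgpd.rsock" ||
		{ echo "FAIL socket $root/run/bgpd.rsock not restricted in $conf"; n=$((n + 1)); }
	return "$n"
}

# Run as: sh lg_audit.sh /var/www /etc/bgpd.conf
if [ "$#" -eq 2 ]; then
	lg_audit "$1" "$2"
fi
```

A socket line for the chroot path that lacks the restricted keyword is reported as a finding, since the looking glass is meant to reach bgpd(8) only through the restricted control socket.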

bgplg CSS style sheet.
bgplg HTML header.
bgplg HTML footer.

The following statically linked executables have been installed into the chroot(2) environment of the httpd(8) server. To enable the corresponding functionality, use the chmod(1) utility to manually set the file permission mode to 0555 or anything appropriate. Some of these executables need the set-user-ID bit, so they should be mounted on a filesystem without the nosuid option.

bgplg CGI executable.

The bgplg program first appeared in OpenBSD 4.1. The initial implementation was done in 2005 for DE-CIX, the German commercial internet exchange point.

The bgplg program was written by Reyk Floeter <reyk@openbsd.org>.

To prevent commands from running endlessly, bgplg will kill the corresponding processes after a hard limit of 60 seconds. For example, this can take effect when using traceroute(8) with blackholed or bad routes.

December 14, 2016 | OpenBSD-6.6