NAME
bgplgd
—
a bgpctl FastCGI server
SYNOPSIS
bgplgd |
[-d ] [-p
path] [-S
socket] [-s
socket] [-U
user] [-V ] |
DESCRIPTION
bgplgd
is a server which implements the
FastCGI Protocol to execute
bgpctl(8)
commands. bgplgd
is a simple server that implements
a simple web API to query bgpd(8).
bgplgd
opens a socket at
/var/www/run/bgplgd.sock, owned by www:www, with
permissions 0660. It will then drop privileges to user "_bgplgd",
unveil(2)
the bgpctl(8) binary and restrict itself with
pledge(2).
The options are as follows:
-d
- Do not daemonize. If this option is specified,
bgplgd
will run in the foreground and log to stderr. -p
path- Use path instead of bgpctl(8) to query bgpd(8).
-S
socket- Use socket instead of the default /var/run/bgpd.rsock to communicate with bgpd(8).
-s
socket- Create and bind to alternative local socket at socket.
-U
user- Change the owner of /var/www/run/bgplgd.sock to user and its primary group instead of the default www:www.
-V
- Show the version and exit.
bgplgd
provides the following API
endpoints. Unless further specified the endpoints do not take any
parameters:
- /interfaces
- Show the interface states.
- /memory
- Show RIB memory statistics.
- /metrics
- Output various statistics in OpenMetrics format.
- /neighbors
- Show detailed neighbors information. The output can be limited with the
following parameters:
neighbor
=peer- Show information for a specific neighbor. peer may be the neighbor's address or description.
group
=name- Show only entries from the specified peer group.
- /nexthops
- Show the list of BGP nexthops and the result of their validity check.
- /rib
- /rib/in
- /rib/out
- Show routes from the bgpd(8) Routing Information Base. For
/rib/in the Adj-RIB-In will
be queried and for /rib/out the
Adj-RIB-out. The following parameters can be used to
filter the output:
neighbor
=peer- Show information for a specific neighbor. peer may be the neighbor's address or description.
group
=name- Show only entries from the specified peer group.
as
=number- Show only entries with the specified source AS number.
community
=stringext-community
=stringlarge-community
=string- Show only entries that match the specified community.
af
=(ipv4
|ipv6
|vpnv4
|vpnv6
)- Show only entries that match the specified address family.
rib
=name- Show only entries from the RIB with name name. Can only be used with the /rib endpoint.
ovs
=(valid
|not-found
|invalid
)- Show only prefixes that match the specified Origin Validation State.
avs
=(valid
|invalid
|unknown
)- Show only prefixes that match the specified ASPA Validation State.
best
=1- Show only selected routes.
error
=1- Show only prefixes which are marked invalid and were treated as withdrawn.
filtered
=1- Show only prefixes which are marked filtered by the input filter.
invalid
=1- Show only prefixes which are not eligible.
leaked
=1- Show only prefixes where a route leak was detected.
prefix
=addr- Show only entries that match prefix either as the best matching route or show the entry for this CIDR prefix.
all
=1- Show all entries in the specified prefix range.
or-shorter
=1- Show all entries covering and including the specified prefix.
- /rtr
- Show a list of all RTR sessions.
- /sets
- Show a list summarizing all roa-set, as-set, prefix-set, and origin-set tables.
- /summary
- Show a list of all neighbors, including information about the session state and message counters.
EXAMPLES
Add the following to /etc/bgpd.conf to have bgpd(8) open a second, restricted, control socket:
socket
"/var/run/bgpd.rsock" restricted
An example setup in httpd(8) is:
location "/bgplgd/*" { fastcgi socket "/run/bgplgd.sock" request strip 1 }
SEE ALSO
HISTORY
The bgplgd
server first appeared in
OpenBSD 7.2.
AUTHORS
Claudio Jeker <claudio@openbsd.org>