OpenBSD manual page server

Manual Page Search Parameters

BGPLGD(8) System Manager's Manual BGPLGD(8)

bgplgda bgpctl FastCGI server

bgplgd [-d] [-p path] [-S socket] [-s socket] [-U user] [-V]

bgplgd is a server which implements the FastCGI Protocol to execute bgpctl(8) commands. bgplgd is a simple server that implements a simple web API to query bgpd(8).

bgplgd opens a socket at /var/www/run/bgplgd.sock, owned by www:www, with permissions 0660. It will then drop privileges to user "_bgplgd", unveil(2) the bgpctl(8) binary and restrict itself with pledge(2).

The options are as follows:

Do not daemonize. If this option is specified, bgplgd will run in the foreground and log to stderr.
path
Use path instead of bgpctl(8) to query bgpd(8).
socket
Use socket instead of the default /var/run/bgpd.rsock to communicate with bgpd(8).
socket
Create and bind to alternative local socket at socket.
user
Change the owner of /var/www/run/bgplgd.sock to user and its primary group instead of the default www:www.
Show the version and exit.

bgplgd provides the following API endpoints. Unless further specified the endpoints do not take any parameters:

/interfaces
Show the interface states.
/memory
Show RIB memory statistics.
/metrics
Output various statistics in OpenMetrics format.
/neighbors
Show detailed neighbors information. The output can be limited with the following parameters:

=peer
Show information for a specific neighbor. peer may be the neighbor's address or description.
=name
Show only entries from the specified peer group.
/nexthops
Show the list of BGP nexthops and the result of their validity check.
/rib
 
/rib/in
 
/rib/out
Show routes from the bgpd(8) Routing Information Base. For /rib/in the Adj-RIB-In will be queried and for /rib/out the Adj-RIB-out. The following parameters can be used to filter the output:

=peer
Show information for a specific neighbor. peer may be the neighbor's address or description.
=name
Show only entries from the specified peer group.
=number
Show only entries with the specified source AS number.
=string
 
=string
 
=string
Show only entries that match the specified community.
=(ipv4 | ipv6 | vpnv4 | vpnv6)
Show only entries that match the specified address family.
=name
Show only entries from the RIB with name name. Can only be used with the /rib endpoint.
=(valid | not-found | invalid)
Show only prefixes that match the specified Origin Validation State.
=(valid | invalid | unknown)
Show only prefixes that match the specified ASPA Validation State.
=1
Show only selected routes.
=1
Show only prefixes which are marked invalid and were treated as withdrawn.
=1
Show only prefixes which are marked filtered by the input filter.
=1
Show only prefixes which are not eligible.
=1
Show only prefixes where a route leak was detected.
=addr
Show only entries that match prefix either as the best matching route or show the entry for this CIDR prefix.
=1
Show all entries in the specified prefix range.
=1
Show all entries covering and including the specified prefix.
/rtr
Show a list of all RTR sessions.
/sets
Show a list summarizing all roa-set, as-set, prefix-set, and origin-set tables.
/summary
Show a list of all neighbors, including information about the session state and message counters.

Add the following to /etc/bgpd.conf to have bgpd(8) open a second, restricted, control socket:

socket "/var/run/bgpd.rsock" restricted

An example setup in httpd(8) is:

        location "/bgplgd/*" {
                fastcgi socket "/run/bgplgd.sock"
                request strip 1
        }

bgpctl(8), bgpd(8), httpd(8)

The bgplgd server first appeared in OpenBSD 7.2.

Claudio Jeker <claudio@openbsd.org>

December 3, 2024 OpenBSD-current