gmazoyer / looking-glass

Easy to deploy Looking Glass

License: GNU General Public License v3.0

PHP 93.65% CSS 0.82% JavaScript 4.58% Shell 0.46% Dockerfile 0.49%
php routers bgp looking-glass network routing

looking-glass's Introduction


Looking Glass

Easy to deploy Looking Glass made in PHP.

The lack of time and funding has slowed down this project quite a lot. It is still maintained though. If you like it, use it and want to support its development, you can sponsor it or contribute in any way you can.

Requirements

  • Webserver such as Apache 2, or Lighttpd, etc…
  • PHP (>= 8.1) module for the webserver (libapache2-mod-php for Apache 2 for example)
  • The PDO extension to interact with SQLite for anti-spam feature (php8.2-sqlite3 on Debian for example)
  • The XML package is required as well (php8.2-xml on Debian for example)

Description

This web application made in PHP is what we call a Looking Glass. This is a tool used to get some information about networks by giving the opportunity to execute some commands on routers. The output is sent back to the user.

For now this looking glass is quite simple. Here you have some features:

  • Interface using Javascript and AJAX calls (needs a decent browser)
  • Support the following router types:
    • Arista
    • BIRD (v1 and v2)
    • Cisco (IOS and IOS-XR)
    • Extreme/Brocade NetIron
    • FRRouting
    • Huawei (VRP)
    • Juniper
    • Mikrotik/RouterOS
    • Nokia
    • OpenBGPd
    • Quagga
    • Vyatta/VyOS/EdgeOS
  • Support of Telnet and SSH connection to routers using password authentication and SSH keys
  • Configurable list of routers
  • Tweakable interface (title, logo, footer, elements order)
  • Log all commands in a file
  • Customizable output with regular expressions
  • Configurable list of allowed commands
  • Custom routing instances, aka VRFs (Juniper only, for now)

And here is a list of what this looking glass should be able to do in the future:

  • Support more routers
  • Support of other types of authentication

Questions? Comments? Join us in the #looking-glass Slack channel on NetDev Community.

Configuration

Copy the configuration config.php.example file to create a config.php file. It contains all the values (PHP variables) used to customize the looking glass. Details about configuration options are available in the documentation.

Docker

If you want to run the looking glass inside a Docker container, a Dockerfile is provided in this repository. More details can be found here.

Documentation

An up-to-date (hopefully) documentation is available in the docs/ directory. It gives enough details to set up the looking glass, to configure it and to prepare your routers.

You can also find it at Read the Docs.

License

Looking Glass is released under the terms of the GNU GPLv3. Please read the LICENSE file for more information.

Contact

If you have any bugs, errors, improvements, patches, ideas, you can create an issue. You are also welcome to fork and make some pull requests.

Helping

You can help this project in many ways. Of course you can ask for features, give some ideas for future development, open issues if you found any and contribute to the code with pull requests and patches. You can also support the development of this project by donating some coins.

looking-glass's People

Contributors

ajcorrea, amtypaldos, andrediashexa, christopherhawker, d307473, dependabot[bot], ejectck, fstolba, gmazoyer, jacketshirtsman, ledeuns, luizhanauer-eai, markeganfuller, martijn-schmidt, marvin, mikenowak, napsterbater, opteamax, pautiina, pep-un, qdaniel, rabin-io, rkandilarov, scarlettsamantha, smiles1969, tvberlin, uhei, vincentbernat, vitalisator, xbytez


looking-glass's Issues

Broken command building mechanism

When using FRRouting/Quagga, I am finding that the command is being built incorrectly. It seems that the 'vtysh -c' command is being prepended to each part of the command line being built.

example:

% Unknown command: vtysh -cshow bgpvtysh -cipv4vtysh -c1.1.1.1vtysh -c

As of this post, I am using the latest version available through github.

Undefined variable: parameter in /srv/lg/routers/cisco_iosxr.php on line 71

PHP message: PHP Notice:  Undefined variable: parameter
in /srv/lg/routers/cisco_iosxr.php on line 71

This appears to be happening because of a mix of $parameter and $destination in cisco_iosxr.php:

-  protected function build_traceroute($destination) {
+  protected function build_traceroute($parameter) {
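Review bot: the rename in the build_traceroute signature only clears the notice if every use in the function body reads $parameter, and the body is not part of this hunk, so confirm that no $destination reference remains in cisco_iosxr.php. The same mismatch is reported for extreme_netiron.php and juniper.php; those renames belong in the same change so the three router classes stay consistent.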

A grep also flags extreme_netiron.php and juniper.php.

Whilst fixing this I also found:

PHP Fatal error:  Uncaught Error: Call to undefined method ExtremeNetIron::add()
in /var/www/html/routers/extreme_netiron.php:44

Which seems to just be a typo of $this instead of $cmd:

-      $this->add('detail');
+      $cmd->add('detail');
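Review bot: on the `$cmd->add('detail');` line, the hunk carries no context showing where `$cmd` is created, so the patch should include the surrounding lines of extreme_netiron.php to confirm the variable is in scope at line 44. A search for other `$this->add(` calls in the router classes would catch the same typo elsewhere.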

cannot get information or connection to router

Hi, I have this error, but I have the logs:

Error! No parameter given.

[2019-05-22 21:26:10] [client: 192.168.x.x] route-server.gblx.net > [BEGIN] show bgp ipv4 unicast 8.8.8.8
[2019-05-22 21:26:10] [client: 192.168.x.x] route-server.gblx.net > [END] show bgp ipv4 unicast 8.8.8.8

[22/May/2019:17:26:10 -0400] "POST /looking-glass/execute.php HTTP/1.1" 200 - "http://192.168.30.110/looking-glass/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36"

Ssh to windows Server

Hi

I'm new to using looking glass. This is my concern: I have Windows Server 2016, and since there is no Telnet server feature on Windows Server 2016 any more, I have installed a 3rd-party SSH server on the machine.

But when my looking glass machine calls the Windows server through SSH, it seems not to work, and there is no output in the web interface either.

Not sure if I explained it well.

Here is the config.

ssh://lg:[email protected]

arista error at each call

[Mon Jan 27 12:30:30.] [:error] [pid xy] [client 1.2.3.4:37538] PHP Fatal error: Non-abstract method Arista::build_bgp() must contain body in /var/www/xyz/routers/arista.php on line 27, referer: http://xyzsite.net/

[Are you a robot?] Google reCaptcha will fail when hosted behind rev-proxy

When the HTTP_X_FORWARDED_FOR variable is set, it can contain a chain of proxy servers which the request passed through to get to the server. As a result, the variable $requester can have a value like "8.8.8.8, 192.168.0.1", which is passed directly to the Google reCAPTCHA validation API and will always fail.
Not to mention that this header can be set by the user, and we trust it directly in the code.

// From where the user *really* comes from.
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
  $requester = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
  $requester = $_SERVER['REMOTE_ADDR'];
}

In my environments I always overwrite this header with the REMOTE_ADDR, as you can never trust the user input.
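One way to resolve the requester address behind a reverse proxy, shown as an added example that is not the project's code: the header is honoured only when the direct peer is a known proxy, and the chain is read from right to left so that entries supplied by the client are never reached. The function names, the `$trusted` list and all addresses are assumptions made for the illustration.

```php
<?php
// Added example (not the project's code). The trusted proxy list is an assumed
// deployment setting; every address below is a constructed sample value.

// True when $ip lies inside $cidr ("192.168.0.0/24", "2001:db8::/32" or a bare address).
function ip_in_cidr(string $ip, string $cidr): bool {
  $parts = explode('/', $cidr, 2);
  $ip_bin = filter_var($ip, FILTER_VALIDATE_IP) ? inet_pton($ip) : false;
  $net_bin = filter_var($parts[0], FILTER_VALIDATE_IP) ? inet_pton($parts[0]) : false;
  if ($ip_bin === false || $net_bin === false || strlen($ip_bin) !== strlen($net_bin)) {
    return false; // invalid input, or an IPv4 address compared with an IPv6 network
  }
  $max = strlen($ip_bin) * 8;
  if (isset($parts[1]) && !ctype_digit($parts[1])) {
    return false; // prefix length must be a plain number
  }
  $bits = isset($parts[1]) ? (int) $parts[1] : $max;
  if ($bits > $max) {
    return false;
  }
  // Compare the whole bytes first, then the remaining bits of the next byte.
  $bytes = intdiv($bits, 8);
  $rest = $bits % 8;
  if (substr($ip_bin, 0, $bytes) !== substr($net_bin, 0, $bytes)) {
    return false;
  }
  if ($rest === 0) {
    return true;
  }
  $mask = (0xFF << (8 - $rest)) & 0xFF;
  return (ord($ip_bin[$bytes]) & $mask) === (ord($net_bin[$bytes]) & $mask);
}

function is_trusted_proxy(string $ip, array $trusted): bool {
  foreach ($trusted as $cidr) {
    if (ip_in_cidr($ip, $cidr)) {
      return true;
    }
  }
  return false;
}

// Returns exactly one address, suitable for logging, rate limiting or the
// reCAPTCHA "remoteip" field.
function resolve_requester(array $server, array $trusted): string {
  $remote = $server['REMOTE_ADDR'] ?? '';
  $header = $server['HTTP_X_FORWARDED_FOR'] ?? '';
  // A peer that is not one of our proxies can put anything in the header.
  if ($header === '' || !is_trusted_proxy($remote, $trusted)) {
    return $remote;
  }
  $client = $remote;
  $hops = array_map('trim', explode(',', $header));
  // Right to left: each trusted proxy appended the address it received from.
  foreach (array_reverse($hops) as $hop) {
    if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
      break; // malformed entry: keep the last address we could verify
    }
    $client = $hop;
    if (!is_trusted_proxy($hop, $trusted)) {
      break; // first address outside our proxies is the requester
    }
  }
  return $client;
}

// Constructed sample requests.
$trusted = ['192.168.0.0/24'];
$samples = [
  'behind the proxy' => [
    'REMOTE_ADDR' => '192.168.0.2',
    'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 192.168.0.1',
  ],
  'client prepended its own entry' => [
    'REMOTE_ADDR' => '192.168.0.2',
    'HTTP_X_FORWARDED_FOR' => '10.9.8.7, 8.8.8.8, 192.168.0.1',
  ],
  'direct request with a forged header' => [
    'REMOTE_ADDR' => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '127.0.0.1',
  ],
];
foreach ($samples as $label => $server) {
  printf("%-36s => %s\n", $label, resolve_requester($server, $trusted));
}
```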

telnet connections fail

Hi,

I have configured the looking-glass system to use 1 authenticated routeserver (with a user/pass) and two unauthenticated systems (one with a user only, one that does not use userid/pass). In all three cases, the logs indicate the following error whenever a command is executed:

[Mon Jan 29 06:14:17.462250 2018] [:error] [pid 47583] [client ] PHP Notice: Undefined index: custom_bootstrap_theme in /var/www/html/looking-glass/index.php on line 263
[Mon Jan 29 06:14:20.926282 2018] [:error] [pid 47583] [client PHP Warning: feof() expects parameter 1 to be resource, boolean given in /var/www/html/looking-glass/auth/telnet.php on line 57, referer: http://lg.xxxx.com/looking-glass/
[Mon Jan 29 06:14:21.068362 2018] [:error] [pid 47583] [client PHP Warning: feof() expects parameter 1 to be resource, boolean given in /var/www/html/looking-glass/auth/telnet.php on line 57, referer: http://lg.xxxx.com/looking-glass/

This is with the latest master.

Please could you suggest a fix?

Allow new commands to be declared

Hello, I found your application, and I was liking some points, but, as we're using it in a closed environment, and as a support tool, we need to allow more "specific commands" that could be run (show interface, ).

I've found the way you describe new commands as inheriting from the base class kinda disturbing, hence, if you could think in a way to do it, it would be great.

Security check for AS path regex

We need to make sure that, when using as-path regex command with Quagga or BIRD, we can't use the parameter field to inject another command to retrieve information that should not be seen.

This can be done in several ways:

  • Parameter value check, basically we need that the regex is a valid regex for a given router type. It can be tricky but surely important.
  • Escape characters when using a standard unix shell to avoid interpretation.

We also can do both checks, that will probably not hurt.

Add parameter to permit route lookup only within bounded prefix length

Hi,

first off, thank you for this wonderful project!

At the moment, it's possible to request the route for 100.0.0.0/1 which results in very large output and high load on the devices while providing very little value for actual troubleshooting. I would therefore like to propose the addition of a parameter which sets a lower bound on the prefix length being permitted.

Example:
Add following in config.php $config['misc']['minimum_prefix_length'] = 16;.
When set, only permit 10.0.0.0/x as input for the command show route when 16 ≤ x ≤ 32.
Else display an error message.

Let me know what you think.

Nokia-SROS

Hi,
Would love to work together and implement Nokia SROS to this looking glass.

Unknown appropriate as-path regex syntax during use.

Plop.

When using "show route as-path-regex AS_PATH_REGEX", the user can't tell what syntax he has to use (Juniper ? Bird ? Cisco-like ?).

It causes a bit of trial and error if the router's description doesn't indicate its type. And while one wouldn't want to display this information, a config flag to display the type after description from the router definition would be nice.

Another approach could be to display a helper/reminder:

  • Juniper: $INSERT JUNOS EXAMPLE HERE
  • Bird: AS1 AS2 ... ASZ
  • Cisco: ^AS1_

But frankly, it will be quite complex to sum up enough information without bloating the page ( http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#asregexp for cisco reference)

It could be a simple list of web links to these references:

Maybe a nice combination of a config flag and the list of tech refs as a reminder :)

++

No return() in build_aspath_regex

What I found in the code we pulled is that there was no return() in the build_aspath_regex function. So there was nothing to iterate on once we hit "foreach ($commands as $selected) {". This is at least true for the cisco.php library.

return $commands; at the end of the function fixes the problem.

Unknown Error when using BIRD

Hi,

I've seen that GH isn't really the place for questions, but oh well, I guess this could also be a bug.
I'm having some issues getting any of the commands involving a connection with my BIRD routing server to work. Whenever I use any of the commands, I just get a box on the screen that says "Error!" and nothing else. No output is written to the log defined in config. I did find this in my Apache error log:

[Mon Jul 15 00:42:06.541151 2019] [:error] [pid 16051] [client 71.224.214.24:42251] PHP Fatal error: Uncaught Error: Function name must be a string in /var/www/looking-glass/routers/bird.php:43\nStack trace:\n#0 /var/www/looking-glass/routers/bird.php(70): Bird->get_aspath('6939')\n#1 /var/www/looking-glass/routers/router.php(172): Bird->build_as('6939')\n#2 /var/www/looking-glass/routers/router.php(192): Router->build_commands('as', '6939')\n#3 /var/www/looking-glass/execute.php(96): Router->send_command('as', '6939')\n#4 {main}\n thrown in /var/www/looking-glass/routers/bird.php on line 43, referer: https://lg.as139233.net/

(using AS6939 as a test)

I did follow the instructions on the RTD page for setting up the config with BIRD, although this doesn't appear to be a config issue. I'm using the latest commit from GH.

Thanks

missing `unicast` option for `show bgp` command

show bgp command for Quagga router is missing the unicast option causing it to return
% Unknown command.

Previous code:

protected function build_commands($command, $parameter) {
  $commands = array();
  $vtysh = 'vtysh -c "';
  switch ($command) {
    case 'bgp':
      if (match_ipv6($parameter, false)) {
        $commands[] = $vtysh.'show bgp ipv6 unicast '.$parameter.'"';
      } else if (match_ipv4($parameter, false)) {
        $commands[] = $vtysh.'show bgp ipv4 unicast '.$parameter.'"';
      } else {
        throw new Exception('The parameter is not an IP address.');
      }
      break;
. . .

Current code:
https://github.com/respawner/looking-glass/blob/master/routers/quagga.php#L29

Issues Connecting to Cisco Switch

Good Day!

Allow me to first start off by saying thanks for creating looking glass software and still actively working on it! We are currently using one that hasn't been updated in like 10 years, and we are looking for an alternative. Also, I've followed the guides in the /docs directory.

I have a Cisco switch (I forget the platform - non catalyst 3850 I think) that I am trying to test out before deploying for one of our bigger customers. Anywho, I'm trying to get SSH to work with the switch, but when I try to ping from the web interface, I just get an error (red bar across the screen that just says "Error!"). Note the info below.

Router config:
// Authentication based on SSH or Telnet with password

$config['routers']['router1']['host'] = 'ip.v4.add.ress';
$config['routers']['router1']['user'] = 'sshuser';
$config['routers']['router1']['pass'] = 'sshuserpassword';
$config['routers']['router1']['auth'] = 'ssh-password';
$config['routers']['router1']['type'] = 'cisco';
$config['routers']['router1']['desc'] = 'S1SW01';
$config['routers']['router1']['source-interface-id'] = 'vlanXX';
$config['routers']['router1']['source-interface-id']['ipv4'] = 'vlan.xx.ip.addr';
$config['routers']['router1']['disable_ipv6'] = false;
$config['routers']['router1']['disable_ipv4'] = false;
$config['routers']['router1']['timeout'] = 30;

I also enabled logging, but so far that file has been empty. Note the logs below from /var/log/httpd/error_log

[Thu Jun 13 10:33:14.006941 2019] [:error] [pid 15672] [client my.ip.addr.ess:22818] PHP Warning: Illegal string offset 'ipv4' in /var/www/html/looking-glass/config.php on line 45, referer: http://lg.server.ip.addr/looking-glass/

Above error is the source interface id ipv4 configuration.

[Thu Jun 13 10:33:14.007649 2019] [:error] [pid 15672] [client my.ip.addr.ess:22818] PHP Parse error: syntax error, unexpected '.', expecting '&' or variable (T_VARIABLE) in /var/www/html/looking-glass/includes/command_builder.php on line 50, referer: http://lg.server.ip.addr/looking-glass/

The above error is in reference to this config in that file: public function add(...$elements) {
I'm running the LG software on a CentOS 7 VM if that helps any. Also, I got software via the "git" command, and just moved that folder to /var/www/html. Any assistance would be greatly appreciated.

error

Tweak Command Output

I was able to get the application talking with our BGP routers, and everything is looking good. I just had a question about tweaking the commands that are issued to the routers. We don't want the output to display interface information, which is the case for a few of the outputs. This is specifically for Junipers. We would like to pipe the command to exclude interface info. Example:

show route 8.8.8.8 protocol bgp table inet.0 | except "via"

Is this a simple tweak? Any help would be greatly appreciated.

IOS-XR show bgp regexp syntax

show bgp regexp works slightly differently in IOS-XR. In IOS you need to use quote-regexp in a command like this: show bgp ipv4 unicast quote-regexp "2914 29467". In IOS-XR quote-regexp doesn't exist and is very happy with show bgp ipv4 unicast regexp "2914 29467". The quotes don't get mixed up in the interpretation of the expression. Purists may complain.

In any case I handled this in cisco_iosxr.php by adding a customized build_aspath_regexp function.

Allow additional customization of index.php output in <head></head>

For properly defining icons in toolbars, it would be great to have a config parameter
config['frontend']['additional_html_head'] to define custom extensions to the HTML head section, by simply adding

if($this->frontpage['additional_html_header']) {
  print($this->frontpage['additional_html_header']);
}

inside the render function.

Make .* and variants invalid regexp

If a user decides to expose the regexp command, permitting variants of .* could be used as an attack vector against the router control plane since it will essentially try to dump the entire routing table and consume lots of CPU in the process.

I'm not very versed in php, but looking at the code, I think creating an additional filter in match_aspath_regex() would be a reasonable mitigation?

These are some examples of bad regexp:

.
.*
.[,]*
.[0-9,0-9]*
.[0-9,0-9]+

Looking at all these variants though, maybe there are just too many to safely protect against? But maybe there's a way?
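One possible answer to the question above, shown as an added example that is not the project's code: instead of listing bad patterns, accept an expression only when every alternative contains at least one literal AS number outside bracket expressions and quantifiers. The function names are hypothetical, and the rule is a deliberately conservative heuristic that also rejects some harmless expressions.

```php
<?php
// Added example (not the project's code). Function names are hypothetical.
// Positive rule: every alternative of the expression must pin at least one
// literal AS number. Anything the simple parser cannot classify is rejected.

// True when $piece contains a digit run that must appear in a matching path.
function has_literal_asn(string $piece): bool {
  if (!preg_match_all('/([0-9]+)([*?]?)/', $piece, $matches, PREG_SET_ORDER)) {
    return false;
  }
  foreach ($matches as $m) {
    // A quantifier after the run makes its last digit optional: "1*" pins
    // nothing, while "174*" still pins "17".
    $literal = ($m[2] === '') ? $m[1] : substr($m[1], 0, -1);
    if ($literal !== '') {
      return true;
    }
  }
  return false;
}

function is_bounded_aspath_regex(string $regex): bool {
  // Backslash escapes differ between router dialects: refuse them outright.
  if ($regex === '' || strpos($regex, '\\') !== false) {
    return false;
  }
  // A bracket expression is a wildcard atom, never a literal AS number.
  $p = preg_replace('/\[[^\]]*\]/', '.', $regex);
  // Treat every {m,n} quantifier as "optional" and hide the digits inside it.
  $p = preg_replace('/\{[^}]*\}/', '*', $p);
  // Unbalanced brackets or braces, and optional groups such as "(174)*".
  if (preg_match('/[\[\]{}]/', $p) || preg_match('/\)[*?]/', $p)) {
    return false;
  }
  $p = str_replace(['(', ')'], '', $p);
  foreach (explode('|', $p) as $alternative) {
    if (!has_literal_asn($alternative)) {
      return false;
    }
  }
  return true;
}

// The five patterns listed in the report above, followed by constructed samples.
$patterns = [
  '.', '.*', '.[,]*', '.[0-9,0-9]*', '.[0-9,0-9]+',
  '174|.*', '1*', '.{1,5}',
  '_174_', '^3356_', '2914 29467', '(174|3356)_',
];
foreach ($patterns as $pattern) {
  printf("%-14s %s\n", $pattern, is_bounded_aspath_regex($pattern) ? 'accepted' : 'rejected');
}
```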

Support RFC8522

Since there is an RFC defining what a looking glass should do, maybe it would be nice to implement it.

Commands are not working via SSH to juniper

Error! Cannot connect to router.

I have config below:

$config['routers']['router1']['host'] = 'r1.ams';
// The user to use to connect to the router
$config['routers']['router1']['user'] = 'readonlyuser';
// The public key of the given user
$config['routers']['router1']['private_key'] = '/var/www/lg.key';
// The passphrase of the key (optional if the key has no passphrase)
$config['routers']['router1']['pass'] = 'mypassphrase';
// The authentication mechanism to use (ssh-key for SSH based on keys)
$config['routers']['router1']['auth'] = 'ssh-key';
// The router type (can be cisco, ios, juniper or junos)
$config['routers']['router1']['type'] = 'juniper';
// The router source interface to be used
//$config['routers']['router1']['source-interface-id'] = 'lo0';
// The router description to be displayed in the router list
$config['routers']['router1']['desc'] = 'Router1 AMS';

Private key is valid and is working to access server with ssh -v -i /var/www/lg.key [email protected]

I was trying to use strace to find out root cause, with not much luck - I see communications between PHP client and Junos SSH server:


Please advise how I can troubleshoot this problem. I'm open to testing any patches.

regexp characters: `^ $parameter _` does not work on Quagga router

The current regexp characters used in the protected function build_as() do not work.
Current Code:
https://github.com/respawner/looking-glass/blob/master/routers/quagga.php#L62

The previous code does:

case 'as':
  if (match_as($parameter)) {
    if (!$this->config['disable_ipv6']) {
      $commands[] = $vtysh.'show ipv6 bgp regexp _'.$parameter.'$'.'"';
    }
    if (!$this->config['disable_ipv4']) {
      $commands[] = $vtysh.'show ip bgp regexp _'.$parameter.'$'.'"';
    }
  } else {
    throw new Exception('The parameter is not an AS number.');
  }
  break;

I tested ^$AS_NUMBER$, but it doesn't seem to work either.
I'm not entirely sure why, but perhaps the $AS_NUMBER is not at the beginning of the string to be captured by ^. Also, it must be at the end, as it is captured by $ (previous code) and not _ (current code).

Cisco ios-xe

Hi,

We tried to use cisco and Cisco-XR but the syntax seems to be different and some of the functions can't work. Could you release a version which can work with Cisco-xe?

Cannot connect the router

After selecting a router and a command, entering a parameter and pressing input, it shows the warning “Error! Cannot connect to the router!!!”. I can log in to the router from the looking glass server.

Customize output

Greetings,

Is there a way to customize the output display of the routers? Preferably I would like to have the output as full regular text displayed in between the current header & footer, instead of a scrollable window. Also, my custom vtysh in some cases outputs some HTML code that doesn't get displayed in the output window.

Quagga, can't query bgp ip address if use single ip

Hello

I have used Quagga as a backend and I think we need to improve the way we handle Quagga BGP queries.

For example, if you input 8.8.8.8 and submit the query, the command will be

vtysh -c 'show bgp ipv4 8.8.8.8'

and you get an error because you need a length.

The correct input is 8.8.8.0/24.

I think we need to change the command from show bgp {ipv4,ipv6} to show {ipv4,ipv6} bgp

Thank you

cant edit displayed commands

"The documentation configuration can also be used to disable commands by setting the title of the command to null."

I added the following to config.php:
$config['doc']['bgp']['command'] = null;
$config['doc']['as-path-regex']['command'] = null;
$config['doc']['as']['command'] = null;
$config['doc']['ping']['command'] = null;

But nothing has changed. The commands are still being displayed on the website. I am using release 2.0.1.

Bash Command Injection Vulnerability

Hi,

I've found a bug that allows me to inject any bash command I want into the system running the script. My tests used the BIRD router, I don't know if this is possible on other systems. If the user configuring the router used a user with no permissions, this may not be an issue, but if they didn't, you could wreak havoc on systems:

To reproduce it:
Open your looking glass
Select "show route as-path-regex" as the command
Enter "test =]' && echo '"
You will see that the closing character of the command (=]) has been printed.

You can then modify the command to do things like list the directory of / (replace the "echo" part with any bash command, and it will be executed, but the =] will be printed after, so this is technically limited to commands that can have that extra bit thrown out, but I was able to find a few including rm that this could cause major issues with).
Here's an example of how I was able to use "curl" with this. It could be used to download a shell-backdoor and execute it.
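The two checks proposed in "Security check for AS path regex" (validate the parameter, then escape it for the shell), applied to the input from this report, as an added example that is not the project's code. The `birdc` command form, the function names and the character allowlist for BIRD path masks are assumptions; the script only builds and prints command strings and executes nothing.

```php
<?php
// Added example (not the project's code). The birdc command form, the function
// names and the allowlist are assumptions. Nothing is executed here: the script
// only prints the command strings that would be handed to a shell.

// Before: the parameter is pasted between hand-written single quotes, so a
// quote inside the parameter ends the argument early.
function build_unsafe(string $param): string {
  return "birdc 'show route where bgp_path ~ [= " . $param . " =]'";
}

// Check 2 alone: let PHP quote the complete router command as one shell
// argument. The shell no longer interprets the input, but arbitrary text
// still reaches the router's own command parser.
function build_quoted(string $param): string {
  return 'birdc ' . escapeshellarg('show route where bgp_path ~ [= ' . $param . ' =]');
}

// Check 1: accept only what an AS path mask needs (assumed here to be AS
// numbers, spaces and the wildcards * ? +), with a length limit.
function valid_bird_path_mask(string $param): bool {
  return preg_match('/\A[0-9 *?+]{1,64}\z/', $param) === 1;
}

// Both checks together: validate first, then quote.
function build_safe(string $param): string {
  if (!valid_bird_path_mask($param)) {
    throw new InvalidArgumentException('The parameter is not a valid AS path mask.');
  }
  return build_quoted($param);
}

$inputs = [
  '174 * 3356',            // constructed, legitimate path mask
  "test =]' && echo '",    // the input given in the report above
];

foreach ($inputs as $input) {
  echo "input:       $input\n";
  echo "unsafe:      " . build_unsafe($input) . "\n";
  echo "quoted only: " . build_quoted($input) . "\n";
  try {
    echo "validated:   " . build_safe($input) . "\n";
  } catch (InvalidArgumentException $e) {
    echo "validated:   rejected (" . $e->getMessage() . ")\n";
  }
  echo "\n";
}
```

In the "unsafe" line for the second input the shell sees a closed quote followed by `&&`; in the "quoted only" line the same text stays inside a single argument.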


PHP Notice: Expected SSH_MSG_KEXINIT

Hi folks,

first of all - thanks for providing this nicely done looking-glass. Sadly, i can't get it to run on our systems...
I tried to install the looking-glass on a fresh install of Debian9+Apache2+PHP7 (nothing special, just all default config), cloned the files into /var/www/html and adjusted the config.php for our cisco routers.
However, i cannot get connected to them and run into the configured timeout.

I get the following error message on the apache error.log:

PHP Notice: Expected SSH_MSG_KEXINIT in /var/www/html/libs/phpseclib-1.0.7/Net/SSH2.php on line 1131

In the log of our router I can see the SSH connection coming in, because our ACL allows the connection:

%SEC-6-IPACCESSLOGP: list ssh permitted tcp xx.xx.xx.xx(53449) -> 0.0.0.0(22), 1 packet

I tried to manually connect with my readonly-user to the router via ssh and it works just fine.

Two things i already tried:

  • running the provided docker-container - can also not connect to the router (timeout)
  • swapping out the phpseclib-1.0.7 with phpseclib version 2 - breaks everything. ;-)

As i am not really a linux professional nor php programmer, i don't know where to look at the moment.

kind regards
Fabian

Not worthy called an issue. but just being curious...

I personally own a Layer-3 switch from a manufacturer you may not know, named "Alaxala", from Japan. Their products are often found in system configurations of local mobile network operators and commercial ISPs, being the industry's favorite brand along with famous guys like Cisco, Juniper and others. The model I own at home is called AX3630S-24T and, in a nutshell, the command set of the box is near-identical to that of, say, the Catalyst 3750 (hence Cisco IOS). If I personally wanted to work on adding support (somehow I haven't managed to see it work with this project) for Alaxala routers and switches with the same command sets, what would I first and best be looking into?
Sorry for an unprofessional question, but am just not familiar enough with coding (but maybe reading and playing a bit with codes) in PHP.

routes/arista.php is a little bug. no parameter is set.

Hello,

When we use looking-glass and we want to use ping,
the parameter is not sent with this command.

in routes/arista.php on line 89 there is a cmd->add('repeat 10'); command.
We fixed this with cmd->add($parameter,'repeat 10');
Maybe you want to fix this also in your repository.

Kind regards,

Patrick Harder.

docker and quagga

Hi @respawner

I am having a strange issue when connecting to quagga based routers.

Basically I can see the queries being executed on the remote router, but nothing is ever returned and the ajax progress bar keeps on loading forever.

I am running the looking-glass inside a docker container.

I'd appreciate some help how to debug it.

EDIT: I noticed the following error in the Chrome's developer console.

Uncaught SyntaxError: Unexpected token < in JSON at position 0
    at Function.parse [as parseJSON] (<anonymous>)
    at Object.<anonymous> (looking-glass.js:88)
    at i (jquery-3.1.1.min.js:2)
    at Object.fireWith [as resolveWith] (jquery-3.1.1.min.js:2)
    at A (jquery-3.1.1.min.js:4)
    at XMLHttpRequest.<anonymous> (jquery-3.1.1.min.js:4)

Huawei routers

Hello guys,

I was interested in using this lg system at our provider.

However, we used Huawei and found nothing of Huawei.

Can I create the router / huawei.php and send a pull?

Or is there a problem with Huawei?
