The following request shows standard javascript alert
/detail/aaa/ipv4?q=aaa"%3Balert(1)%2F%2F

When clicking on an AS number in the route all view, a popup shows with the aut-num:'s WHOIS record.

A nice addition would be to add a PeeringDB record to the popup's top bar.

PeeringDB offers a read-only access to users logged in as "guest / guest". The "participant" view can't be reached with a direct query based on the aut-num, the following querry has to be used :

https://www.peeringdb.com/private/participant_list.php?s_name=&s_asn=[AUT_NUM]&s_info_type=&s_irr_as_set=&s_info_traffic=&s_policy_general=&s_info_ratio=&s_info_scope=

The only result should be the targeted aut-num. No result means the aut-num has no peeringdb record.

Best approach could be to ask PeeringDB for an API to bypass guest login and access a participant's view straight from the aut-num. [email protected]

Sometimes there is an error:

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1997, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1985, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1540, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/staff/oszafraniec/bird-lg-master/lg.py", line 493, in show_bgpmap
    edge = add_edge(nodes[previous_as], nodes[_as], label=hop_label, fontsize="7")
  File "/home/staff/oszafraniec/bird-lg-master/lg.py", line 442, in add_edge
    labels = e.get_label().split("\r")
AttributeError: 'NoneType' object has no attribute 'split'

I think this will fix it...

diff --git a/lg.py b/lg.py
index ab2dcfe..4851c83 100644
--- a/lg.py
+++ b/lg.py
@@ -437,7 +437,10 @@ def show_bgpmap():
             e = edges[edge_tuple]
 
             label_without_star = kwargs["label"].replace("*", "")
-            labels = e.get_label().split("\r") 
+            if e.get_label() is not None:
+               labels = e.get_label().split("\r") 
+           else:
+               return edges[edge_tuple]
             if "%s*" % label_without_star not in labels:
                 labels = [ kwargs["label"] ]  + [ l for l in labels if not l.startswith(label_without_star) ] 
                 labels = sorted(labels, cmp=lambda x,y: x.endswith("*") and -1 or 1)

https://lg.angolacables.co.ao/

No matter what starting lg.py or lgproxy.py via flask run always launches on 127.0.0.1:5000, overriding even hardcoded values in the source code. This violates POLA rather significantly.
Please document how to run the app under flask's development server, for those of us who aren't flask programmers.

We need an API for bird-lg. It would allow to better separate the web UI and the backend, and allow external tools to query bird-lg.

This is about a public API that would be exposed by bird-lg, and not about router <--> bird-lg communication (routers should not expose a publicly-available interface anyway)

The API should:

• use a standard format (JSON)
• cover everything that is currently possible in the web UI (i.e. we could rewrite the web frontend to use the API)
• if possible, adhere to some "standard" for this kind of API

When clicking on an AS number in the "route all" view, a WHOIS popup appears.

Default result for "whois AS[whatever]" contains source block informations (RIR delegation) with the following blocks prior to the targeted AS :

as-block:
organisation:
role:
role:

Usefull information starts at "% Information related to 'what your requested'"

Objects defined by the RPSL syntax could be folded by default, only the aut-num: object is relevant here.

Hello,
This is possible to add option to completly disable IPv4 or IPv6 ?
My friend use Your LG in environment where dont have IPv6 - but still IPv6 option is enable, I use in my environment only IPv6 ( lab ) and dont have IPv4 - maybe please add option for select IPv4/IPv6 enable and what is default webpage?
Now default page is: return redirect("/summary/%s/ipv4" % "+".join(app.config["PROXY"].keys()))
so i get error everytime enter to webpage that`s why i change to:
return redirect("/summary/%s/ipv6" % "+".join(app.config["PROXY"].keys()))

Will be cool if You add option like this.
Thanks for Your work!

Hi,
are there any docker images for bird-lg?

Hello
I just update LG to newlatest version and get amazing many errors :

WARNING in lg [/opt/bird-lg-master/lg.py:258]:
couldn't parse: LosAngeles BGP master up 2017-10-08 Established

WARNING in lg [/opt/bird-lg-master/lg.py:258]:
couldn't parse: London BGP master up 2017-10-08 Established

WARNING in lg [/opt/bird-lg-master/lg.py:258]:
couldn't parse: Italy BGP master up 2017-10-08 Established

WARNING in lg [/opt/bird-lg-master/lg.py:258]:
couldn't parse: Seattle BGP master up 2017-10-08 Established

WARNING in lg [/opt/bird-lg-master/lg.py:258]:
couldn't parse: Romania BGP master up 2017-10-08 Established

WARNING in lg [/opt/bird-lg-master/lg.py:258]:
couldn't parse: Russia BGP master up 2017-10-08 Established

Best Regards
TaKeN

I'm curious, does anybody actually use memcached with bird-lg?

In my deployments, I patch it out because I don't want to add such a big service as dependency.

It seems to only cache the result of "AS to AS-name" lookups, used in the bgpmap. These lookups are made through DNS which already has a cache. So I think it makes sense to just remove all this memcached thing.

@sileht what was the original need for memcached? Did you run into rate-limiting issues with cymru?

When AS is in two paths with different prepend, the graph only show the longest path

http://lg.arn-fai.net/prefix_detail/hwhost-1/ipv4?q=unistra.fr

There are cases where path can be None and extend ise used on it.

Here is a quick patch about it:

diff --git a/lg.py b/lg.py
index 477e29a..28c71f8 100644
--- a/lg.py
+++ b/lg.py
@@ -547,7 +547,11 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
                 net_dest = expr2.group(1).strip()

         if line.startswith("BGP.as_path:"):
-            path.extend(line.replace("BGP.as_path:", "").strip().split(" "))
+            ASes = line.replace("BGP.as_path:", "").strip().split(" ")
+            if path:
+                path.extend(ASes)
+            else:
+                path = ASes

Currently, the DOMAIN configuration key is used for two completely different things:

• to build the hostname of machines to query (myrouter + DOMAIN)
• to display as the title of the web page

It would be good to introduce a new configuration variable like WEBSITE_TITLE to avoid this second usage.

It is possible to use default values in the template for backwards compatibility:

{{ config.WEBSITE_TITLE|default("bird-lg looking glass") }}

While bgpmap works ok for prefixes outside my AS, drawing the map for my own prefixes fails with the following error:

[2016-12-22 09:48:12 +0000] [7534] [ERROR] Error handling request /bgpmap/?q={%22Moscow%22:%20[[%22sr2%22,%20%22%22,%20%221.1.1.1/32%22]]}
Traceback (most recent call last):
File "/usr/lib64/python2.7/site-packages/gunicorn/workers/sync.py", line 135, in handle
self.handle_request(listener, req, client, addr)
File "/usr/lib64/python2.7/site-packages/gunicorn/workers/sync.py", line 176, in handle_request
respiter = self.wsgi(environ, resp.start_response)
File "/usr/lib64/python2.7/site-packages/flask/app.py", line 1836, in __call__
return self.wsgi_app(environ, start_response)
File "/usr/lib64/python2.7/site-packages/flask/app.py", line 1820, in wsgi_app
response = self.make_response(self.handle_exception(e))
File "/usr/lib64/python2.7/site-packages/flask/app.py", line 1403, in handle_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib64/python2.7/site-packages/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib64/python2.7/site-packages/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib64/python2.7/site-packages/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib64/python2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib64/python2.7/site-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/data/www/bird-lg/lg.py", line 510, in show_bgpmap
response = Response(graph.create_png(), mimetype='image/png')
File "/usr/lib64/python2.7/site-packages/pydot.py", line 1802, in <lambda>
lambda f=frmt, prog=self.prog : self.create(format=f, prog=prog))
File "/usr/lib64/python2.7/site-packages/pydot.py", line 2023, in create
status, stderr_output) )
InvocationException: Program terminated with status: 1. stderr follows: Error: /tmp/tmpQ37yUx: syntax error in line 5 near '['

The following is /tmp/tmpQ37yUx (I only replaced the real prefix with a fake 1.1.1.1/32, my AS number with 12345 and my AS name with 'AS-AS')

digraph BGPMAP {
Moscow [shape=box, fontsize=10, style=filled, fillcolor="#F5A9A9", label=<<TABLE CELLBORDER="0" BORDER="0" CELLPADDING="0" CELLSPACING="0"><TR><TD ALIGN="CENTER">MOSCOW</TD></TR></TABLE>>];
12345 [style=filled, fontsize=10, fillcolor="#F5A9A9", label=<<TABLE CELLBORDER="0" BORDER="0" CELLPADDING="0" CELLSPACING="0"><TR><TD ALIGN="CENTER">AS12345 | AS-AS<BR/>, RU</TD></TR></TABLE>>];
12345 -> Moscow [color=red, style=bold, splines=true];
[style=filled, fontsize=10, fillcolor="#F5A9A9", label=<<TABLE CELLBORDER="0" BORDER="0" CELLPADDING="0" CELLSPACING="0"><TR><TD ALIGN="CENTER">AS?????</TD></TR></TABLE>>];
Moscow -> [color=red, style=bold, fontsize=7, splines=true, label="sr2*"];
"1.1.1.1/32" [shape=box, style=filled, fontsize=10, fillcolor="#F5A9A9", label=<<TABLE CELLBORDER="0" BORDER="0" CELLPADDING="0" CELLSPACING="0"><TR><TD ALIGN="CENTER">1.1.1.1/32</TD></TR></TABLE>>];
-> "1.1.1.1/32" [color=red, style=bold, fontsize=7, splines=true];
}

When I get a graphviz map for a route like the following:

bird> show route for 1.11.48.0/21 all
Table master4:
1.11.48.0/21         unicast [v4_9370 12:47:02.816 from 59.106.1.2] * (100/?) [AS18313i]
	via 192.168.11.1 on eth2
	Type: BGP univ
	BGP.origin: IGP
	BGP.as_path: 9370 2497 9318 38091 38091 38091 38091 18313
	BGP.next_hop: 157.17.128.4
	BGP.med: 3250
	BGP.local_pref: 100
	BGP.community: (9370,100)
                     unicast [v4v6_9371 12:47:12.935 from 210.224.162.177] (100/?) [AS18313i]
	via 192.168.11.1 on eth2
	Type: BGP univ
	BGP.origin: IGP
	BGP.as_path: 9371 2497 9318 38091 38091 38091 38091 18313
	BGP.next_hop: 157.17.144.2
	BGP.med: 3100
	BGP.local_pref: 100
	BGP.community: (9371,100)

AS38091 path prepend is counted 7 times.

My previous PR #42 now includes a patch b6c46fc for this glitch. Please review this one as well.

it would be nice if one could query BIRD-LG over HTTP and get back the LG information in JSON format, instead of the regular (nice) HTML output.

This way I could easily integrate the BIRD-lg output in my existing applications and have them parse the data accordingly.

I recommend using pyparsing to parse the BIRD CLI output.

All the bgpmap queries return the following error in the logs, as well as an "Internal Server Error" on the frontend.

Please let me know if you need more informations.

10.68.21.68 - - [12/Jun/2017 21:53:22] "GET /prefix_bgpmap/ESAMS/ipv4?q=118.69.108.0/24 HTTP/1.1" 500 -
[2017-06-12 21:53:28,942] ERROR in app: Exception on /prefix_bgpmap/ESAMS/ipv4 [GET]
Traceback (most recent call last):
  File "/home/birdlg/.local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/birdlg/.local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/birdlg/.local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/birdlg/.local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/birdlg/.local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "lg.py", line 363, in show_route_for_bgpmap
    return show_route("prefix_bgpmap", hosts, proto)
  File "lg.py", line 633, in show_route
    detail[host] = build_as_tree_from_raw_bird_ouput(host, proto, res)
  File "lg.py", line 562, in build_as_tree_from_raw_bird_ouput
    path.extend(line.replace("BGP.as_path:", "").strip().split(" "))
AttributeError: 'NoneType' object has no attribute 'extend'

I've noticed occasional broken images on some bgpmaps from the NLNOG RING LG, and upon deeper investigation some prefixes which contain longer AS-PATHs (usually those with multiple prepends) which are visible via significant chunks of the internet generate a very long bgpmap/?q={"....."} URL to the image generation script. I've seen some over 9500 characters.

An example of such a prefix. If you click the broken image link you'll likely get a HTTP 414 "Request URI too long" error.

Potential workaround to the problem:
Clicking the link to view the image full size could be a form submission and use POST, however I don't know how you'd go about solving that for the thumbnail that is currently linked to the full size image.

Hello
I just update bird-lg to new version and stop working.

[2020-06-13 21:19:21,397] ERROR in app: Exception on /bgpmap/ [GET]
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functionsrule.endpoint
File "lg.py", line 494, in show_bgpmap
hop_label = hop_label + "*"
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'

I got version from 2019 year and working perfect with BIRD 1.6.6

The output format of show protocols and show route has changed in bird-2.

• bird-1.6.3

bird> show protocol
name     proto    table    state  since       info
kernel1  Kernel   master   up     12:37:21    
device1  Device   master   up     12:37:21    
static1  Static   master   up     12:37:21    
v4_9370  BGP      master   up     12:37:26    Established   
v4_9371  BGP      master   up     12:38:27    Established

bird> show route for 8.8.8.8 all
8.8.8.0/24         via 192.168.11.1 on eth2 [v4_9370 12:37:29 from 59.106.1.2] * (100/?) [AS15169i]
	Type: BGP unicast univ
	BGP.origin: IGP
	BGP.as_path: 9370 15169
	BGP.next_hop: 157.17.128.4
	BGP.med: 0
	BGP.local_pref: 100
	BGP.community: (9370,200) (9370,201)
                   via 192.168.11.1 on eth2 [v4_9371 12:38:42 from 210.224.162.177] (100/?) [AS15169i]
	Type: BGP unicast univ
	BGP.origin: IGP
	BGP.as_path: 9371 15169
	BGP.next_hop: 157.17.144.1
	BGP.med: 0
	BGP.local_pref: 100
	BGP.community: (9371,200) (9371,203)

• bird-2.0.4

bird> show protocols
Name       Proto      Table      State  Since         Info
device1    Device     ---        up     12:46:55.926  
direct1    Direct     ---        down   12:46:55.926  
kernel1    Kernel     master4    up     12:46:55.926  
kernel2    Kernel     master6    up     12:46:55.926  
static1    Static     master4    up     12:46:55.926  
static2    Static     master6    up     12:46:55.926  
rpki1      RPKI       ---        up     12:46:55.932  Established
v4_9370    BGP        ---        up     12:47:00.144  Established   
v4v6_9371  BGP        ---        up     12:47:01.218  Established   
v6_9370    BGP        ---        up     12:47:00.377  Established   

bird> show route for 8.8.8.8 all
Table master4:
8.8.8.0/24           unicast [v4_9370 12:47:02.951 from 59.106.1.2] * (100/?) [AS15169i]
	via 192.168.11.1 on eth2
	Type: BGP univ
	BGP.origin: IGP
	BGP.as_path: 9370 15169
	BGP.next_hop: 157.17.128.4
	BGP.med: 0
	BGP.local_pref: 100
	BGP.community: (9370,200) (9370,201)
                     unicast [v4v6_9371 12:47:18.998 from 210.224.162.177] (100/?) [AS15169i]
	via 192.168.11.1 on eth2
	Type: BGP univ
	BGP.origin: IGP
	BGP.as_path: 9371 15169
	BGP.next_hop: 157.17.144.1
	BGP.med: 0
	BGP.local_pref: 100
	BGP.community: (9371,200) (9371,203)

Please review PR #42, which should parse the output of both old and newer versions of bird.

Hi,

I found an xss using the q parameter. This is the only parameter i tested, so there are probably other wholes.

http://.../prefix_bgpmap/gw+h3/ipv4?q=

here is an example. I guess the fix there would be to implement a parser for the arguments to pass to whois before sending them off.

This isn't very high priority because it's executed as-is directly in whois (no shell), but if there's a vulnerability in whois it could potentially be abused (also I /guess/ the reply from whois is pasted directly in the page so it's a potential source of XSS if the whois server replies with something that will be executed, but I can't try that)

When trying to call show_bgpmap, I have the following crash from pydot.

How can I get dump why this crash happen ?

File "/home/birdlg/bird-lg/lg.py", line 531, in show_bgpmap
return Response(graph.create_png(), mimetype='image/png')
File "/home/birdlg/bird-lg/lg/local/lib/python2.7/site-packages/pydot.py", line 1681, in
self.create(format=f, prog=prog))
File "/home/birdlg/bird-lg/lg/local/lib/python2.7/site-packages/pydot.py", line 1900, in create
assert p.returncode == 0, p.returncode

When clicking on an AS number in the route all view, a popup shows with the aut-num:'s WHOIS record.

A nice addition would be to add a ROBTEX link to the popup's top bar.

Links to ROBTEX' AS view has the following syntax : http://as.robtex.com/as[number].html.

Robtex doesn't support AS32, only 16bit AS are linkable as of 2013-04.

My PR #45 now includes patch 94d0357 for this glitch and related inconsistency in edge shapes of the map.
show route where net ~ [ 1.0.4.0/22+ ] (bgpmap)

• inconsistent without patch:
  

• consistent with patch:
  

123.123.123.123 - - [14/Aug/2017 15:00:29] "GET /robots.txt HTTP/1.1" 500 -
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1997, in call
return self.wsgi_app(environ, start_response)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1985, in wsgi_app
response = self.handle_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1540, in handle_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1512, in handle_user_exception
return self.handle_http_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1471, in handle_http_exception
return handler(e)
File "/opt/bird-lg-master/lg.py", line 200, in page_not_found
return render_template('error.html', warnings=["The requested URL was not found on the server."]), 404
File "/usr/lib/python2.7/dist-packages/flask/templating.py", line 134, in render_template
context, ctx.app)
File "/usr/lib/python2.7/dist-packages/flask/templating.py", line 116, in _render
rv = template.render(context)
File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 989, in render
return self.environment.handle_exception(exc_info, True)
File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 754, in handle_exception
reraise(exc_type, exc_value, tb)
File "/opt/bird-lg-master/templates/error.html", line 1, in top-level template code
{% extends "layout.html" %}
File "/opt/bird-lg-master/templates/layout.html", line 125, in top-level template code
history_query = {{session.history|tojson|safe}};
File "/usr/lib/python2.7/dist-packages/flask/json.py", line 269, in tojson_filter
return Markup(htmlsafe_dumps(obj, **kwargs))
File "/usr/lib/python2.7/dist-packages/flask/json.py", line 183, in htmlsafe_dumps
rv = dumps(obj, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask/json.py", line 123, in dumps
rv = _json.dumps(obj, **kwargs)
File "/usr/lib/python2.7/dist-packages/simplejson/init.py", line 397, in dumps
**kw).encode(obj)
File "/usr/lib/python2.7/dist-packages/simplejson/encoder.py", line 291, in encode
chunks = self.iterencode(o, _one_shot=True)
File "/usr/lib/python2.7/dist-packages/simplejson/encoder.py", line 373, in iterencode
return _iterencode(o, 0)
File "/usr/lib/python2.7/dist-packages/flask/json.py", line 80, in default
return _json.JSONEncoder.default(self, o)
File "/usr/lib/python2.7/dist-packages/simplejson/encoder.py", line 268, in default
raise TypeError(repr(o) + " is not JSON serializable")
TypeError: Undefined is not JSON serializable

There seems to be some interest in providing Docker images (#37, #72)

Several questions need discussion and/or help:

• what is the release model? Is it fine to just provide a Docker image of the latest code? Sometimes we break the configuration syntax. Should we move to semver releases and provide a docker image per release?
• how to configure bird-lg running in a Docker image?

From the little knowledge I have of Docker, people seem to like passing configuration from an external source.

We can't really use env variables because the configuration has python objects. Maybe we could pass the config file to stdout of the python programs? I have no idea if gunicorn would allow this.

Flask has documentation about the different ways to configure it: https://flask.palletsprojects.com/en/1.1.x/config/ (nothing specific to Docker though)

Expected Behavior

"show route for" query does not require selection of address family

Actual Behavior

must select the correct AFI

Steps to Reproduce the Problem

Specifications

• Pull Request URL:
• Mergify Config URL:

since AFI can be inferred from input (prefix/IP), there is no point to make AFI selection mandatory

I would to do a number of changes that would break compatibility with existing installations. Nothing bad, but configuration would need to be adapted. So we would need to do a "release" and communicate the changes.

For now I'm thinking about:

• simplify configuration syntax: #75
• add support for python3 and remove support for python2 (which is no longer supported)
• move config files to lg.cfg.example and lgproxy.cfg.example so that actual configuration files can be managed independently of the git repo

If you have other ideas for changes that would break compatibility, it's a good time so that we "release" everything at once.

Expected Behavior

in config file only used trace or ping command any my network set only ip address or router and gateway
How Can connect to the router (ssh or telnet)
To loockup route
of ip in cisco routers?

Actual Behaviora

Steps to Reproduce the Problem

Specifications

• Pull Request URL:
• Mergify Config URL:

Expected Behavior

https://(domain)/prefix/(node)/ipv4?q=%22%2balert(document.domain)%2b%22

Example from the domain: https://(domain)/prefix/(node)/ipv4?q=%22%2balert(document.domain)%2b%22

Actual Behavior

Arbitrary Javascript Code alert(document.domain) is executed.
This can leverage to leak cookies, or even run malicious code on the victim's browser.

sileth has not been active on the project for several years. I have been doing some interim maintenance, but I can't commit to spend a lot of time on the project.

The situation is not really good at the moment, both on the community side:

• there are unaddressed security issues (e.g. #63)
• code proposals take several months to be reviewed, or are not reviewed at all, discouraging new contributors

and on the technical side:

• the code is aging and is becoming hard to maintain / debug (especially the bgpmap visualisation)
• we need an API (see #84)
• the communication between the backend and web UI frontend is really messy, it would really benefit from an API
• the project is not well-adjusted for general usage: either it provides too much (dependency on memcached), too specific ("domain" concept), or too little (customization is difficult and requires to hack the code)
• as a result, many people modify bird-lg to suit their needs, creating a lot of divergence and not contributing energy to the "main" project

This calls for a "reboot" of the project, either by investing more maintenance energy to be able to transform it, or by re-designing / rewriting (parts of) the project from scratch.

In both cases, it requires a community of motivated people! If you are interested in such a "reboot", please reply to this ticket to discuss.

Hello,
Please update Your README.mkd bird-lg need python-memcache too.

Best Regards!

Not sure this is really a problem but figured I'd mention it in case it wasn't expected/desired:

the multi-path bgpmap output gets rearranged visually with every run - sometimes the active path will be on the left, sometimes in the middle, sometimes on the right. Pressing Ctrl-R in the browser repeatedly shows the diagram bouncing around a bit.

It always appears to be correct, though.

This is as of commit 1a3c618522fd16e991d3877e1b714560aa095ff1.

Because of the rise of RPKI validation among network operators, I thought it would be nice to show a route's validity state in BIRD-LG.
So I've added an API call to RIPE NCC's RPKI Validator (Example API URL) calls to lg.py to show BGP origin validation states when displaying routes.

If there's interest for this to be in here, I'll create a pull request with my changes. It's not beautiful (code and output), so any hints to make it better are welcome. I'm fairly new to Python, so please be gentle.

So far, the API URL is hard coded and it's an external resource. But it could be changed to be configurable, so a local instance of the validator software can be accessed.

I just installed and configured bird 2.0.2 and bird-lg, so this may be an issue with my config. I am running bird, lgproxy.py, and lg.py on the same host. I'm using the current master branch (1f0efca) for bird-lg.

I can successfully query the proxy via curl:

$ curl http://localhost:5001/bird?q=show%20protocols
Name       Proto      Table      State  Since         Info
peer1      BGP        ---        up     13:04:05.471  Established

However, on the show protocols page of the looking glass (e.g. http://lg.example.com:5000/summary/lg/ipv4) the table contains only the header and one empty row.

The log in /var/log/lg.log contains a new entry every time I try to reload the show protocols page in the looking glass:

couldn't parse: peer1      BGP        ---        up     13:04:05.471  Established

It looks like the issue is that the table column, '---', doesn't match the regular expression.

I do see that vpn4tab is populated:

$ sudo /usr/local/sbin/birdc show route count
BIRD v2.0.2 ready.
0 of 0 routes for 0 networks in table master4
0 of 0 routes for 0 networks in table master6
9581 of 9581 routes for 9581 networks in table vpntab4
Total: 9581 of 9581 routes for 9581 networks in 3 tables

I'm guessing that the table is showing '---' because there are other tables (master4 and master6) present? I'm not sure if bird-lg should be able to handle this, or if my bird configuration needs to somehow exclude the master4 and master6 tables.

My bird.conf file is below:

log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
log stderr all;

router id 127.0.0.1;

vpn4 table vpntab4;
vpn6 table vpntab6;

protocol bgp peer1 {
        local as 65321;
        neighbor 192.168.1.1 as 65321;
        hold time 180;
        vpn4 mpls {
                import all;
                export all;
        };
        vpn6 mpls {
                import all;
                export all;
        };
}

Hi

I am running bird on a server to share our looking glass with our customers...this is just dedicated fr this purpose, and I'm using the same server to use for the bird-lg.

When installing, do i just edit the lg.cfg and lgproxy.cfg?

I am running lg.py and lgproxy.py but i get an error like below -
Failed retreive url: http://jnb.za.lg.wiocc.net:5000/traceroute?q=64.13.232.144

our bird is za.lg.wiocc.net

Cheers

We should definitely support python3 at this point...

here

works on the input field, doesn't matter which dropdown menu option is selected

Hello,
When i try generate map for show route for i get this error everytime:

AttributeError
AttributeError: 'NoneType' object has no attribute 'extend'

Traceback (most recent call last)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1997, in __call__
return self.wsgi_app(environ, start_response)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1985, in wsgi_app
Open an interactive python shell in this frameresponse = self.handle_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1540, in handle_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/bird-lg-master/lg.py", line 363, in show_route_for_bgpmap
return show_route("prefix_bgpmap", hosts, proto)
File "/opt/bird-lg-master/lg.py", line 633, in show_route
detail[host] = build_as_tree_from_raw_bird_ouput(host, proto, res)
File "/opt/bird-lg-master/lg.py", line 562, in build_as_tree_from_raw_bird_ouput
path.extend(line.replace("BGP.as_path:", "").strip().split(" "))
AttributeError: 'NoneType' object has no attribute 'extend'
The debugger caught an exception in your WSGI application. You can now look at the traceback which led to the error.
To switch between the interactive traceback and the plaintext one, you can click on the "Traceback" headline. From the text traceback you can also create a paste of it. For code execution mouse-over the frame you want to debug and click on the console icon on the right side.

You can execute arbitrary Python code in the stack frames and there are some extra helpers available for introspection:

dump() shows all variables in the frame
dump(obj) dumps all that's known about the object

Best Regards