Configuration Options
Format
The config.php file is a piece of regular PHP source code. This means that you need to follow the rules or the interface will not work.
You can mostly get something working by copying the example lines, just make sure all your strings are quoted and your statements end in a semicolon (;).
All the default values for the configuration are defined in the includes/config.defaults.php file. This file must not be edited. The directives set in config.php will automatically override the default ones.
Directives
These are the available configuration options. They can be set in config.php. Values shown in this documentation are (for most of them) the default values that are set if the configuration is not overriden.
Frontpage
$config['frontpage']['color_mode_enabled'] = true;
$config['frontpage']['css'] = 'css/style.css';
$config['frontpage']['title'] = 'Looking Glass';
$config['frontpage']['image'] = null;
$config['frontpage']['image_width'] = 0;
$config['frontpage']['image_height'] = 0;
$config['frontpage']['header_link'] = null;
$config['frontpage']['peering_policy_file'] = null;
$config['frontpage']['disclaimer'] = 'Disclaimer example';
$config['frontpage']['show_title'] = true;
$config['frontpage']['show_visitor_ip'] = true;
$config['frontpage']['order'] = array('routers', 'commands', 'parameter', 'buttons');
$config['frontpage']['router_count'] = 5;
$config['frontpage']['command_count'] = 5;
$config['frontpage']['additional_html_header'] = '<link rel="icon" href="/static/images/cropped-32x32.png" sizes="32x32" /><link rel="icon" href="/static/images/cropped-192x192.png" sizes="192x192" /><link rel="apple-touch-icon-precomposed" href="/static/images/cropped-180x180.png" /><meta name="msapplication-TileImage" content="/static/images/cropped-270x270.png" />';
Contact
$config['contact']['name'] = 'Example Support';
$config['contact']['mail'] = 'support@example.com';
Routers
To define routers that can be used in the interface you need to fill the "routers" array. The index of the router must be unique in this example it will be "router1".There are some pretty generic things to define:
$config['routers']['router1']['host'] = 'r1.example.net';
$config['routers']['router1']['desc'] = 'Example Router 1';
You need to define the type of the router so the looking glass knows how to interact with it.
$config['routers']['router1']['type'] = 'juniper';
- juniper or junos
- cisco or ios
- ios-xr or iosxr
- arista
- mikrotik or routeros
- nokia
- extreme_netiron
- bird
- bird2
- quagga or zebra
- openbgpd
- edgeos or vyatta or vyos
- frr
- huawei
It is also highly recommended to specify a source interface ID to be used by the router when it will try to ping or traceroute a destination. This is done with:
$config['routers']['router1']['source-interface-id'] = 'lo0';
$config['routers']['router1']['source-interface-id']['ipv6'] = '2001:db8::1';
$config['routers']['router1']['source-interface-id']['ipv4'] = '192.168.1.1';
After that you need to set the authentication information for the looking glass to be able to log into the router. For this you select a type of authentication and then supply the needed information.
$config['routers']['router1']['disable_ipv6'] = false;
$config['routers']['router1']['disable_ipv4'] = false;
$config['routers']['router1']['timeout'] = 30;
$config['routers']['router1']['bgp_detail'] = false;
This parameter can be toggled on Juniper, Extreme (NetIron), BIRD, and OpenBGPd routers.
Cisco (IOS or IOS-XR), Quagga, Vyatta/VyOS/EdgeOS, and FRRouting routers do not
support toggleable BGP detail output and will always display BGP detail output
for bgp
commands, and will never display BGP detail output for as
and
as-path-regex
commands.
Telnet
$config['routers']['router1']['user'] = 'readonlyuser';
$config['routers']['router1']['pass'] = 'readonlypassword';
$config['routers']['router1']['auth'] = 'telnet';
SSH with Password
$config['routers']['router1']['user'] = 'readonlyuser';
$config['routers']['router1']['pass'] = 'readonlypassword';
$config['routers']['router1']['auth'] = 'ssh-password';
SSH with Key
$config['routers']['router1']['user'] = 'readonlyuser';
$config['routers']['router1']['private_key'] = '/home/user/.ssh/key';
$config['routers']['router1']['pass'] = 'mypassphrase';
$config['routers']['router1']['auth'] = 'ssh-key';
Output
$config['output']['show_command'] = true;
$config['output']['scroll'] = true;
Logs
$config['logs']['file'] = '/var/log/looking-glass.log';
$config['logs']['format'] = '[%D] [client: %R] %H > %C';
$config['logs']['auth_debug'] = false;
Filters
$config['filters']['output'][] = '/(client1|client2)/';
$config['filters']['output'][] = '/^NotToShow/';
$config['filters']['output'][] = ['/replacethis/', 'withthis'];
// Use the unset command if you don't want to use pre-defined filters
// unset $config['filters']['aspath_regexp'];
$config['filters']['aspath_regexp'][] = '.* 64546 .*';
Pre-defined regexps are the following:
.
.*
.[,]*
.[0-9,0-9]*
.[0-9,0-9]+
To reset the default filter, the unset
command must be used first before
adding new values.
Anti-Spam
$config['antispam']['enabled'] = true;
$config['antispam']['database_file'] = 'looking-glass.db';
$config['antispam']['allow_list'] = array(
'2001:db8::/32',
'10.0.0.0/8',
'100.64.0.0/10',
'172.16.0.0/12',
'192.168.0.0/16'
);
CAPTCHA
$config['captcha']['enabled'] = true;
Two types of CAPTCHA are supported:
recaptcha
from Googlehcaptcha
$config['captcha']['type'] = 'recaptcha';
$config['captcha']['apikey'] = 'foobar';
$config['captcha']['secret'] = 'foobar';
$config['captcha']['url'] = 'https://www.google.com/recaptcha/api/siteverify';
$config['captcha']['type'] = 'hcaptcha';
$config['captcha']['apikey'] = 'foobar';
$config['captcha']['secret'] = 'foobar';
$config['captcha']['url'] = 'https://hcaptcha.com/siteverify';
Defines sitekey and secret, it may be named differently in the CAPTCHA documentation.
Routing Instances
Note
This feature is currently only available for Juniper Junos devices.
$config['routing_instances'] => array(
'vrf-internet' => 'Internet', 'vrf-mgmt' => 'Management'
);
The suffixes such as inet.0
and inet6.0
can be omitted for Juniper
devices, only the names of routing instances are needed.
Misc.
$config['misc']['allow_private_asn'] = false;
$config['misc']['allow_private_ip'] = true;
$config['misc']['allow_reserved_ip'] = true;
$config['misc']['minimum_prefix_length']['ipv6'] = 0;
$config['misc']['minimum_prefix_length']['ipv4'] = 0;
$config['misc']['enable_http_x_forwarded_for'] = false;
HTTP_X_FORWARDED_FOR
header,
which should include the user real IP, which then displayed on the page footer.
For more info about this header see RFC7239.
Because this header is user controlled, it's disabled by default.
Tools
The tools that are used by this software are ping and traceroute for routers based on BIRD and Quagga. However some people might want to be able to customize the way these tools are used.
$config['tools']['ping_options'] = '-A -c 10';
$config['tools']['ping_source_option'] = '-I';
$config['tools']['traceroute4'] = 'traceroute -4';
$config['tools']['traceroute6'] = 'traceroute -6';
$config['tools']['traceroute_options'] = '-A -q1 -N32 -w1 -m15';
$config['tools']['traceroute_source_option'] = '-s';
Documentation
The documentation configuration should probably not be modified but here are the tweakable options used to define them.
There are 5 available commands and so there are documentation for each one of them.
$config['doc']['bgp']
$config['doc']['as-path-regex']
$config['doc']['as']
$config['doc']['ping']
$config['doc']['traceroute']
Each command has a subset of options to configure its title, its description summary and its detailed description. For example:
$config['doc']['bgp']['command'] = '';
$config['doc']['bgp']['description'] = '';
$config['doc']['bgp']['parameter'] = '';
See the default values for more details.
Disabling Commands
The documentation configuration can also be used to disable commands by setting the
title of the command to null
. A disabled command will no longer show up in the user
interface, and if an attacker tries to send a forged POST request with a disabled
command to Looking Glass an error will be returned.
For example, this piece of config would disable as-path-regex
commands:
$config['doc']['as-path-regex']['command'] = null;