[Euro-ix-rs-vwg] New release 1.2.0
Ondrej Zajicek
santiago at crfreenet.org
Fri Jan 15 16:03:24 CET 2010
On Fri, Jan 15, 2010 at 05:23:48PM +0300, Mikhail A. Grishin wrote:
> Hi, Ondrej
>
> BIRD at production server is still stable and VERY fast (comparing with
> Quagga).
>
> We have some questions about BIRD and may be some bugs.
> Hope you could help us with these issues.
>
> 1. Is it possible to run daemon not as root, but as some unpriveleged
> user (like quagga does)? This is very important for security reasons.
> (binding to 179/tcp port with root priveleges, other tasks without root)
It is not possible. I have this feature in TODO list, but it is pretty
big change. OTOH, for just the route server case (just BGP without
kernel routing table sync) that might be an easy.
> 2. Is it possible to organise birdc interface to work in "read only"
> mode, with limited set of commands, like "show ...", "help" and "exit"?
> This is for duty staff, and for looking glass access.
> (Also there are many security reasons in this question)
>
> 3. Is it possible to implement option in config file, that specify
> permissions for sock file (bird.ctl) ?
> This is for access to birdc console from non-root rights (until 2. is
> unresolved).
No, it is not implemented. A workaround might be to use chmod/chown on
bird.ctl in start script, or define sudo commands for appropriate tasks.
> 4. How you apply automatic cron reconfiguration of bird?
> How could we say "reconfigure" from birdc interface inside some scripts?
> Do you have working examples? We plan to do it from remote machine via ssh.
echo configure | birdc
> 5. Lack of text output filters.
> If we need to view some very big output (10000+ routes from some peer),
> we want to apply search filters to text output (like "| grep", "| grep
> -v", "| begin" (this is from cisco) )
You can use integrated filters:
show route where ...
or redirect output
echo show route | birdc | grep ...
> 6. Lack of text output redirection to external file.
> If we want to save large output into text file for further analysis, we
> want to do something like: "show route all > file.txt"
echo show route all | birdc > file.txt
> 7. How could we turn off paging(more) inside birdc console ?
It is turned off if output is redirected to file/pipe.
> 8. (Bug?) On test Bird installation, with 3 peers only, at 11am
> today(15Jan) I saw that session with some peer is up since "15:36" (and
> no date). I understood, that is means 15:36 14Jan.
> After 12:30, (90 minules later) the same session shows "Jan14" (there is
> no more 15:36). Why so?
Limit is 20 hours. Afer that, just a day is shown. Rather strange behavior,
i acknowledge.
> 9. (addition to 8.)In general, we want to see time and date output for
> every session, every route. Is it possible?
> This is VERY important for looking glass tasks.
There is no config option for it, but it could be done by simple change
in the source code. I could send you a patch, if you want.
--
Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20100115/d3fd3b1a/attachment.asc>
More information about the Bird-users
mailing list