For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

serge_faller_83's avatar
serge_faller_83
Icon for Altostratus rankAltostratus
Oct 19, 2005

Add a new data on the UDP payload

Hi,

 

I wish to find a way with an iRule to save a src_adress (client) at the end of the

 

UDP payload before SNAT. ( use RADIUS )

 

 

I implemented the irules according to :

 

. Update the end of payload with this adress : UDP::payload replace

 

-> failure

 

. Update UDP length and IP length, and chck=0 : ?

 

how can I replace length UDP, IP and checksum ( no IP::length, IP::chck)

 

 

thanks for the help

 

 

irules :

 

-------

 

 

set udp_size [UDP::payload length]

 

set size_IP 4

 

set Ip_src_adr [IP::client_addr]

 

 

update length and checksum

 

set [UDP::payload length] [ expr $size_IP + $size_IP ]

 

-> no update

 

save @IP

 

UDP::payload replace $udp_size $size_IP $Ip_src_adr

 

-> it doesn't work - failure
application delivery
dev
devops
iRules

4 Replies

  • drteeth_127330's avatar
    drteeth_127330
    Historic F5 Account
    Oct 19, 2005
    The UDP::payload replace command will automatically update the datagram length and checksum. The command syntax is as follows:

     

    
UDP::payload replace

     

    It's important to note that is the amount of data to replace. It is not the size of . For example, the following code snippet will insert the client IP address at the beginning of the datagram. The IP address will be inserted as a string. Perhaps you're attempting to insert the IP address as a 32 bit number?

     

    
when CLIENT_DATA {
    UDP::payload replace 0 0 [IP::remote_addr]
}
  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Oct 20, 2005
    Just to add to Dr. Teeth's post. You problem is that:

    A) You don't set the length using UDP::payload length. The length is automatically determined by the amount of payload.

    B) You can't replace 4 bytes starting at the end of the payload. You can insert 4 bytes at the end by using:
    UDP::payload replace $udp_size 0 $Ip_src_adr

    Also, if you do want to insert the IP address as a 32-bit (4 byte) number, you may want to search the forum for some examples of converting the IP address to a integer value.
  • serge_faller_83's avatar
    serge_faller_83
    Icon for Altostratus rankAltostratus
    Oct 26, 2005
    thanks for your help,

     

     

    Indeed I tried <>, it works ..

     

    But I have always a problem with my adress format.

     

    I don't find tcl solution to convert the ip_adress... (?)

     

     

    . set "Ip_src_adr [IP::client_addr]" give : Ip_src_adr=155.132.226.3

     

    . "binary scan [IP::client_addr] h* Ip_adr" give : Ip_adr=135353e2133323e2232363e233

     

    ...

     

     

    Can I read client_addr on IPheader without using IP::client_addr to have a binary or hex format ?

     

     

  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Nov 01, 2005
    You would likely need to use the regular scan and some math:

    
scan [IP::client_addr] "%u.%u.%u.%u" ip1 ip2 ip3 ip4
set ip [expr {(ip1 << 24) + (ip2 << 16) + (ip3 << 😎 + ip4}]