Forum Discussion
Nimbostratusadd IP client for SMTP in v13.1: stream::replace not working
HI
I try to add the client IP source in the SMTP stream by using this code but it seems the Stream::replace does not work.
Could you help please ?
output:
220 server1 Frontend
ehlo
250-server Hello 10.1.2.3
250-SIZE
250 XRDST
desired output
220 server1 Frontend
ehlo
250-server Hello Client addr: 4.5.6.7
250-SIZE
250 XRDST
code
when STREAM_MATCHED {
set server [string tolower [STREAM::match]]
if {$server contains "10.1.2.3"} {
STREAM::replace "10.1.2.3/Client_IP\:[IP::client_addr]"
STREAM::disable
log local0. "Client addr: IP::client_addr]"
}
}
- boneyard
MVP
the documentation https://clouddocs.f5.com/api/irules/STREAM_MATCHED.html
seems to indicate you have to do a STREAM::expression in another event or get a match from stream profile, did you do that?
an irule trick i always do is log at the start of an event, there you can check if the STREAM_MATCHED event triggers. if it doesn't that is step one to fix.
when i tested yours on something similar i did indeed not trigger the event at all.
silver78Thank you, it is weird because , only the log local of the client is accepted with real IP. When i enter HELO or EHLO, the stram::expression always is not matched
when CLIENT_ACCEPTED { set caddr [IP::client_addr] log local0. "Client addr: $caddr" STREAM::expression {@^EHLO.*\r\n@@ @^HELO.*\r\n@@} STREAM::enable } when STREAM_MATCHED { set mstring [STREAM::match] if { $mstring contains "10.1.2.3" } { log local0. "STREAM_MATCHED: string: $mstring replaced with $caddr" STREAM::replace "Client_IP\:$caddr" STREAM::enable } }
- silver78
If i use the following code:
when CLIENT_ACCEPTED { set caddr [IP::client_addr] log local0. "Client addr: $caddr" STREAM::expression {@.*LO.*\r\n@@} STREAM::enable } when STREAM_MATCHED { set mstring [STREAM::match] log local0. "STREAM_MATCHED: string: $mstring" set replacment [string range $mstring 0 1] append replacment "LO $caddr\r\n" log local0. "STREAM_MATCHED: replacement string: $replacment" STREAM::replace "$replacment" event STREAM_MATCHED enable }i don`t have any change in the output
220 Server1 Default Frontend
HELO
250 Server1 Hello [10.1.2.3]
Oct 17 11:15:50 slot1/LB01 info tmm[17518]: Rule /Common/IP_payload_v3 <CLIENT_ACCEPTED>: Client addr: 10.4.5.6
Oct 17 11:15:53 slot1/LB01 info tmm[17518]: Rule /Common/IP_payload_v3 <STREAM_MATCHED>: STREAM_MATCHED: string: HELO
Oct 17 11:15:53 slot1/LB01 info tmm[17518]: Rule /Common/IP_payload_v3 <STREAM_MATCHED>: STREAM_MATCHED: replacement string: HELO 10.4.5.6
- boneyard
I believe you are working on the wrong side, the way you do it now you modify the request send to the mail server.
you need an event that is triggered when the server returns data, like the HTTP_RESPONSE in some examples.
