Forum Discussion
Check for String in TCP Payload from a specific position
Hi Guys,
I’m new here, as well as with F5 systems. Though basic load balancing is okay, I have this requirement where I believe iRules would be of big help. From the TCP payload, I need to base my load balancing from a specific 6-byte information in a specific position.
Here’s a sample payload, I need to search (underlined) info, to know (in string) if this is 000001 and decide load balancing from there. In some cases, the data here can be random characters, null, or zeros like the one below.
0000 00 15 17 48 5d fc 00 50 56 9f 0f 2b 08 00 45 00 ...H]..P V..+..E.
0010 01 2a 5b 1e 40 00 80 06 c2 b1 0a 08 06 12 d0 e0 .*[.@... ........
0020 fb 03 27 61 12 ae bd 85 05 bb 3f e8 5a 37 50 18 ..'a.... ..?.Z7P.
0030 fa 36 f3 f8 00 00 01 00 31 34 31 30 30 30 30 30 .6...... 14100000
0040 30 30 30 30 30 30 31 38 38 38 38 38 38 30 30 35 00000018 88888005
0050 30 30 30 30 30 30 30 37 30 32 30 31 30 30 30 37 00000007 02010007
0060 20 20 37 30 32 36 36 36 36 37 37 30 31 30 30 30 702666 67701000
0070 30 30 30 31 39 34 23 10 02 30 01 01 02 00 00 02 000194. .0......
0080 08 03 06 15 49 00 00 00 00 02 09 20 12 08 03 14 ....I... ... ....
0090 21 42 03 05 09 07 02 01 00 07 88 00 01 54 71 00 !B...... .....Tq.
00a0 97 f4 c0 dd 58 15 30 30 30 30 30 31 38 38 38 38 ....X.00 00018888
00b0 38 38 30 30 35 36 36 36 36 37 37 30 31 20 20 20 88005666 67701
00c0 20 20 20 20 20 01 01 07 56 00 00 00 00 07 80 02 ... V.......
00d0 04 00 00 00 78 02 32 30 30 37 37 31 31 43 45 30 ....x.20 07711CE0
00e0 37 33 32 30 30 44 37 31 36 32 30 31 32 30 38 30 73200D71 62012080
00f0 33 31 34 32 31 34 32 04 00 00 01 28 17 00 15 30 3142142. ...(...0
0100 30 30 30 35 33 38 38 38 38 38 38 30 30 35 36 36 00053888 88800566
0110 36 36 37 37 30 39 20 20 20 20 20 20 20 20 00 00 667709 ..
0120 00 43 48 46 33 2e 34 39 30 30 30 30 02 07 02 00 .CHF3.49 0000....
0130 00 00 00 00 00 02 07 56 .......V
We’ve did the basic iRule below but obviously does not work on all transactions:
when CLIENT_ACCEPTED {
TCP::collect 15
}
when CLIENT_DATA {
if { [TCP::payload 15] contains "000001" } {
pool Pool1
} else {
pool Pool2
}
TCP::release
}
Any help would be appreciated and thanks in advance.
- HamishCirrocumulusIf you have a look at the FIX iRule from codeshare (I think Nathan did it didn't he?) it does pretty much what you want (Albeit for FIX traffic). That's at
- rahtoll_74678NimbostratusThank you for your response. I'm not sure if the link you provided would be related or would be the closest answer as what i just want to do is to read the 6 bytes on this specific position and try to confirm if it is the match i'm looking for. Like for example, from the TCP payload, i would skip 5 bytes which would be random characters, and start reading only for the next 6 bytes after this? Thanks again.
- Michael_YatesNimbostratusHi rahtoll,
- hooleylistCirrostratusThat's a novel idea Michael, but I think it would have an unintended consequence of passing some of the data through on the serverside before parsing the full request payload.
when RULE_INIT { Encode the raw bytes in base64 to test set bytes_b64 "ABUXSF38AFBWnw8rCABFAAEqWx5AAIAGwrEKCAYS0OD7AydhEq69hQW7P+haN1AY+jbz+AAAAQAxNDEwMDAwMDAwMDAwMDE4ODg4ODgwMDU=" log local0. "\$bytes_b64: $bytes_b64" set bytes_raw [b64decode $bytes_b64] log local0. "\$bytes_raw: $bytes_raw" Skip 59 bytes into the payload and save the next 6 bytes to $match binary scan $bytes_raw x59a6 match log local0. "\$match: $match" }
- hooleylistCirrostratusHere's what I'm thinking could work for your scenario:
when CLIENT_ACCEPTED { Collect at least 65 bytes if the bytes to parse are 59-65 TCP::collect 65 } when CLIENT_DATA { use pool2 by default pool Pool2 Start reading at the 59th byte and save 6 characters to $match if {[binary scan $bytes_raw x59a6 match] == 1}{ log local0. "Matched $match" if { $match eq "000001" } { pool Pool1 } } TCP::release }
- rahtoll_74678NimbostratusHi Michael / Aaron,
- Michael_YatesNimbostratus
- rahtoll_74678NimbostratusJust for update, I have modified the iRule to the one below and so far our simulation tests ended up to be positive and met the desired results! The payload actually starts at x56, so i just attempted this irule initially:
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com