Forum Discussion

atomicdog_7107
Mar 24, 2012

Does anyone know why this wouldn't work?

Hey guys I'm trying to create an iRule to log when a specific source port hits a VS... this is what I've created.

    when CLIENT_ACCEPTED {
        if {[IP::addr[TCP::client_port] equals "1025"] } {
            log local0.info "IP and Port: [IP::client_addr]:[TCP::client_port]"
        }
    }

The iRule editor says it's valid, but when I apply it to the VS it doesn't work and I see this in the logs:

Mar 23 18:32:36 local/tmm err tmm[6065]: 01220001:3: TCL error: Log_Source_Port_1025 - invalid command name "IP::addr58751" while executing "IP::addr[TCP::client_port] equals "1025""

Any suggestions? Thanks!

  • Maybe just try [TCP::client_port] rather than [IP::addr[TCP::client_port]?

    Richard
  • I thought the same thing... I tried both ways. I just ran it again to get the error...

    Mar 24 15:26:38 local/tmm err tmm[6065]: 01220001:3: TCL error: Log_Source_Port_1025 - invalid command name "59539" while executing "[TCP::client_port] equals "1025""
  • I happened to find this thread and figured it out from that... Thanks Hoolio!

    https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1144657/showtab/groupforums/Default.aspx

    I just modified it slightly and came up with this:

        when CLIENT_ACCEPTED {
            # Check if client's source port equals 1025 and if so log IP
            switch [TCP::client_port] {
                "1025" {
                    log local0.info "IP and Port [IP::client_addr]:[TCP::client_port]"
                }
            }
        }

    I still don't totally understand why the former didn't work, if anyone knows why and would like to take the time to explain it to me I sure would appreciate it. Going to read up on 'switches' now. Good Saturday night reading lol.
  • It seems to work for me. I guess I should have asked what version you were using. I'd be surprised if that made a difference here but you never know.

        when CLIENT_ACCEPTED {
            if { [TCP::client_port] equals "49562" } {
                log local0.debug "client: [IP::client_addr]:[TCP::client_port]"
            }
        }

    Mar 25 02:08:12 local/tmm debug tmm[7030]: Rule TEST-source-port-RULE : client: xx.xx.xxx.xx:49562
  • You're absolutely right man! Thanks! I don't know exactly what I missed in my iRule (unfortunately I deleted it once I got the other one working), but I copied and pasted yours and it worked like a charm. It looks exactly the same from memory... this is going to bug me now!

    So... since both of these methods work... does anyone know if one is more efficient than the other or is this just a matter of there being more than one way to skin a cat?
  • 'invalid command name "IP::addr58751"' was caused by not having a space between IP::addr and [TCP::client_port]. As Richard said, you wouldn't want to use IP::addr for this though as it's used for doing bitwise comparisons of IP addresses/subnets.

    'invalid command name "59539"' sounds like you had two sets of square braces around TCP::client_port. [TCP::client_port] would return 59539. [[TCP::client_port]] would try to execute the port number as a command and trigger an error.

    There shouldn't be a noticeable performance difference between the switch and if examples. If you do use the if, you could make it slightly more exact by doing a numeric comparison instead of a string:

        when CLIENT_ACCEPTED {
            if { [TCP::client_port] == 49562 } {
                log local0.debug "client: [IP::client_addr]:[TCP::client_port]"
            }
        }


    Aaron
  • Hmmm... The iRule editor doesn't have the logic to check and see if the spacing is correct? I didn't realize that.
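
The two errors explained in Aaron's reply can be reproduced in plain tclsh, which also shows why a syntax check accepts them. This is an added example, not code from the thread: `TCP::client_port` and `IP::addr` are constructed stubs, `check` is a hypothetical helper, and plain Tcl's `eq` stands in for the iRule `equals` operator.

```tcl
# Constructed stand-ins for the BIG-IP commands, so this runs outside an iRule.
namespace eval TCP { proc client_port {} { return 58751 } }
namespace eval IP  { proc addr {args} { return 0 } }

# Hypothetical helper: evaluate a condition the way `if` would and
# return a one-line description of what happened.
proc check {label cond} {
    if {[catch {uplevel 1 [list expr $cond]} result]} {
        return "${label}: runtime error: $result"
    }
    return "${label}: ok, condition = $result"
}

# Every condition below is brace-quoted, so it parses cleanly. Tcl only
# builds and looks up the command name when the brackets are evaluated,
# which is why these mistakes surface in the log and not in the editor.

# No space: "IP::addr" and the result of [TCP::client_port] are joined
# into a single word, and that word becomes the command name.
puts [check "no space after IP::addr" {[IP::addr[TCP::client_port] eq "1025"]}]

# Doubled brackets: the inner result (the port number) is itself
# executed as a command by the outer brackets.
puts [check "doubled brackets" {[[TCP::client_port]] == 1025}]

# Single brackets with a numeric comparison, as suggested in the thread.
puts [check "single brackets, no match" {[TCP::client_port] == 1025}]
puts [check "single brackets, match" {[TCP::client_port] == 58751}]
```

The first two calls fail with the same kind of `invalid command name` error seen in the thread's logs, while the last two evaluate normally.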