Forum Discussion

David_McCulloch
Apr 27, 2005

doing ssl persistance within socks protocol

Vilnis Asars from F5 recommended I post a question here.

I have a bigip 9 box and I'd like to do ssl persistence within socks v5 protocol (http://www.faqs.org/rfcs/rfc1928.html). FYI, in big ip v3.3 ptf05 you actually had this feature already built in. I know that version is really old and is long gone, so maybe this will help you.

I'm using Aventail's socks5 version 5 server and client which proxies ssl v3.0 traffic within the socks proxy. When I use the standard ssl persistence I don't see the traffic being sent through the big ip. Using source ip based persistence works. However, using ssl persistence within socks packets is what I need. So I take it I need some help in writing iRules. I tried to include a tcpdump attachment but I get an error when posting. If you want the tcpdump I can send it to you.

To summarise: after the standard socks connect and responses (packets 4 and 5 and 40 and 41) the socks header starts with the bytes 01 01 00 and the number of bytes to follow. In packet 7 the number of bytes to follow is 3e, for example:

After this you should see standard ssl handshake traffic.

Hopefully this is enough to get you started in helping me write an iRules filter.

Appreciate your help

Regards,

David McCulloch
Sr. Integration Engineer
Netifice Communications
206 438 7572

  • bl0ndie_127134
    Historic F5 Account
    Dave, you may want to check out the following postings. They should have enough examples to get you started.

    Click here

    Click here

    Let us know if you need any more info mate.

    Gday!

  • G'day guys,

    First time doing this and both of these don't help me much. I need to read binary data and both examples end up dealing with text strings.

    Any way to create an iRule that checks for the socks packet and, if it is a socks packet, treats the rest of the data as an ssl packet and therefore performs ssl persistence on this?

    Sample hex and ascii socks packet:

    0030 22 38 84 cc 00 00 01 01 00 4e 16 03 00 00 49 01 "8.......N....I.
    0040 00 00 45 03 00 42 5c 4d 93 eb 2a 02 1c cc c6 9c ..E..B\M..*.....
    0050 86 b7 be 84 49 f7 e3 18 ae ea 73 a5 f8 2a 19 db ....I.....s..*..
    0060 fe e6 dc 2d 25 10 03 1d b9 fc 61 9b fa 51 88 02 ...-%.....a..Q..
    0070 4f 9c 88 b4 c6 00 00 0e 00 04 00 05 00 0a 01 01 O...............
    0080 00 09 00 03 00 08 01 00 ........

    Where:

    01 01 00 4e = SOCKS header, handshaking, 4e bytes of data to follow
    16 03 00 00 49 = SSL v3.0 handshake header, 49 bytes of data to follow
    01 = client-hello

    >0040 00 00 45 03 00 42 5c 4d 93 eb 2a 02 1c cc c6 9c ..E..B\M..*.....

    00 00 45 = 45 bytes of data to follow
    03 00 = SSL 3.0

    >0050 86 b7 be 84 49 f7 e3 18 ae ea 73 a5 f8 2a 19 db ....I.....s..*..
    >0060 fe e6 dc 2d 25

    end of nonce data

    10 03 1d b9 fc 61 9b fa 51 88 02 ...-%.....a..Q..

    10 = length of SSL session ID to resume
    03 1d b9 fc 61 9b fa 51 88 02 4f 9c 88 b4 c6 00 = session ID
    which the client is asking to resume

    >0070 4f 9c 88 b4 c6 00 00 0e 00 04 00 05 00 0a 01 01 O...............
    >0080 00 09 00 03 00 08 01 00 ........

    So in this example I want to persist on ssl session id = 03 1d b9 fc 61 9b fa 51 88 02 4f 9c 88 b4 c6 00

    David
  • drteeth_127330
    Historic F5 Account
    After the data is collected, you can parse it using the binary scan command. http://tmml.sourceforge.net/doc/tcl/binary.html
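Added example, not code from the thread and not an F5 iRule: it walks David's SOCKS-framed SSLv3 ClientHello field by field in Python (struct and slicing, the same job `binary scan` does in Tcl) and returns the session ID the client asks to resume, which is the value the iRule would persist on. The bytes are copied from the post's hex dump starting at the TCP payload (offset 0x36); the SOCKS framing (01 01 00 followed by a one-byte length) is taken as the post describes it; the function names are this example's own. It also covers the case the post does not show: a client on its first connection sends an empty session ID, so the rule needs a fallback such as the source-address persistence the post says already works.

```python
"""Parse a SOCKS-framed SSLv3 ClientHello and extract the session ID.

Added example (Python, not an iRule); layout and sample bytes follow the
hex dump in the thread.  Function names are this example's own.
"""
import struct

# Values copied from the post's dump.
RANDOM = bytes.fromhex(
    "42 5c 4d 93 eb 2a 02 1c cc c6 9c 86 b7 be 84 49 "
    "f7 e3 18 ae ea 73 a5 f8 2a 19 db fe e6 dc 2d 25"
)
CIPHER_SUITES = bytes.fromhex("00 04 00 05 00 0a 01 01 00 09 00 03 00 08")
SESSION_ID = bytes.fromhex("03 1d b9 fc 61 9b fa 51 88 02 4f 9c 88 b4 c6 00")

# The TCP payload exactly as captured in the post (offset 0x36 onward).
SAMPLE = bytes.fromhex(
    "01 01 00 4e "          # SOCKS header as the post describes it: 0x4e bytes follow
    "16 03 00 00 49 "       # SSL record header: handshake, version 3.0, 0x49 bytes
    "01 00 00 45 "          # handshake header: client_hello, 0x45 bytes
    "03 00 "                # client_version = SSL 3.0
    + RANDOM.hex() + " "                      # 32-byte random ("nonce" in the post)
    + "10 " + SESSION_ID.hex() + " "          # session_id length 0x10, then the ID
    + "00 0e " + CIPHER_SUITES.hex() + " "    # cipher_suites length, then suites
    + "01 00"                                 # compression_methods: length 1, null
)


def parse_socks_ssl(payload: bytes) -> dict:
    """Return the parsed fields, or raise ValueError when the bytes do not
    match the framing the post describes (so a rule can fall through)."""
    if len(payload) < 4 or payload[:3] != b"\x01\x01\x00":
        raise ValueError("not the expected SOCKS header")
    socks_len = payload[3]
    socks_body = payload[4:4 + socks_len]
    if len(socks_body) != socks_len:
        raise ValueError("truncated SOCKS body")

    # SSL record header: content_type(1) major(1) minor(1) length(2)
    if len(socks_body) < 5:
        raise ValueError("SOCKS body too short for an SSL record header")
    content_type, major, minor, record_len = struct.unpack("!BBBH", socks_body[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    record = socks_body[5:5 + record_len]
    if len(record) != record_len:
        raise ValueError("truncated SSL record")

    # Handshake header: msg_type(1) length(3); 0x01 is client_hello
    if len(record) < 4 or record[0] != 0x01:
        raise ValueError("not a ClientHello")
    hello_len = int.from_bytes(record[1:4], "big")
    hello = record[4:4 + hello_len]
    if len(hello) != hello_len:
        raise ValueError("truncated ClientHello")

    # ClientHello body: version(2) random(32) sid_len(1) sid(sid_len)
    #                   cs_len(2) cipher_suites(cs_len) comp_len(1) comp(comp_len)
    if len(hello) < 35:
        raise ValueError("ClientHello too short")
    version = (hello[0], hello[1])
    random = hello[2:34]
    sid_len = hello[34]
    session_id = hello[35:35 + sid_len]
    pos = 35 + sid_len
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    cipher_suites = hello[pos + 2:pos + 2 + cs_len]
    pos += 2 + cs_len
    comp_len = hello[pos]
    compression = hello[pos + 1:pos + 1 + comp_len]
    return {
        "socks_len": socks_len, "record_len": record_len, "hello_len": hello_len,
        "version": version, "random": random, "session_id": session_id,
        "cipher_suites": cipher_suites, "compression": compression,
    }


def persist_key(payload: bytes):
    """Hex session ID to persist on, or None when the client sends an empty
    session ID (first connection): the rule then needs another key, e.g.
    the source-address persistence the post reports as working."""
    sid = parse_socks_ssl(payload)["session_id"]
    return sid.hex() if sid else None


def frame_client_hello(session_id: bytes) -> bytes:
    """Constructed helper: wrap a minimal SSLv3 ClientHello (same random and
    cipher suites as the dump) in the SOCKS framing, for testing the parser
    on session IDs the dump does not contain, including the empty one."""
    hello = (b"\x03\x00" + RANDOM + bytes([len(session_id)]) + session_id
             + struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    record = b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake
    # The post shows a single length byte after 01 01 00; larger hellos would
    # not fit that framing, and bytes([...]) raises for them.
    return b"\x01\x01\x00" + bytes([len(record)]) + record


if __name__ == "__main__":
    fields = parse_socks_ssl(SAMPLE)
    print("session ID to persist on:", persist_key(SAMPLE))
    print("first-connection client:", persist_key(frame_client_hello(b"")))
```

Running it prints the 16-byte session ID from the dump for the captured packet and None for the constructed first-connection hello; the three length fields (0x4e, 0x49, 0x45) check out as nested lengths (78 = 5 + 73, 73 = 4 + 69), which is the consistency an iRule should verify before trusting the offsets.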