Forum Discussion
David_McCulloch
Nimbostratus
Nimbostratusdoing ssl persistance within socks protocol
Vilnis Asars from f5 recommended I posted a question here.
I have a bigip 9 box and I'd like to do ssl persistance within socks v5 protocol(http://www.faqs.org/rfcs/rfc1928.html). FYI. ...
David_McCullochNimbostratus
NimbostratusG'day guys,
First time doing this and both of these don't help me much. I need to read binary data and both examples end up dealing with text strings.
Any way to create a iRule that checks for the socks packet and if socks packet treat the rest of the data as an ssl packet and thefore perform ssl persistance on this.
Sample hex and ascii socks packet:
.
0030 22 38 84 cc 00 00 01 01 00 4e 16 03 00 00 49 01 "8.......N....I.
0040 00 00 45 03 00 42 5c 4d 93 eb 2a 02 1c cc c6 9c ..E..B\M..*.....
0050 86 b7 be 84 49 f7 e3 18 ae ea 73 a5 f8 2a 19 db ....I.....s..*..
0060 fe e6 dc 2d 25 10 03 1d b9 fc 61 9b fa 51 88 02 ...-%.....a..Q..
0070 4f 9c 88 b4 c6 00 00 0e 00 04 00 05 00 0a 01 01 O...............
0080 00 09 00 03 00 08 01 00 ........
Where:
01 01 00 4e = SOCKS header, handshaking, 4e bytes of data to follow
16 03 00 00 49 = SSL v3.0 handshake header, 49 bytes of data to follow
01 = client-hello
>0040 00 00 45 03 00 42 5c 4d 93 eb 2a 02 1c cc c6 9c ..E..B\M..*.....
00 00 45 = 45 bytes of data to follow
03 00 = SSL 3.0
>0050 86 b7 be 84 49 f7 e3 18 ae ea 73 a5 f8 2a 19 db ....I.....s..*..
>0060 fe e6 dc 2d 25
end of nonce data
10 03 1d b9 fc 61 9b fa 51 88 02 ...-%.....a..Q..
10 = length of SSL session ID to resume
03 1d b9 fc 61 9b fa 51 88 02 4f 9c 88 b4 c6 00 = session ID
which the client is asking to resume
>0070 4f 9c 88 b4 c6 00 00 0e 00 04 00 05 00 0a 01 01 O...............
>0080 00 09 00 03 00 08 01 00 ........
So in this example want to persist on ssl session id = 03 1d b9 fc 61 9b fa 51 88 02 4f 9c 88 b4 c6 00
David
