Facing issue with "binary scan" and or "expr" functions on RADIUS iRule

Question

Good day all,
I've created an iRule that mimics RADIUS server functionality in the event the backend RADIUS servers are offline. This snippet of the iRule iterates through the RADIUS ACCEPT-REQUEST packet peeling off each attribute type, length and value. When I get to the fourth attribute, I can grab the ID ($attr_id_cli) and length ($attr_len_cli) but fail on acquiring the value ($attr_val_cli).
when CLIENT_DATA {

binary scan [UDP::payload] cH2SH32a* code_cli ident_cli len_cli auth_cli attr_cli

binary scan $attr_cli cc user_cli user_len_cli
    binary scan $attr_cli @2a$user_len_cli user_val_cli

binary scan $attr_cli @[expr {$user_len_cli}]cc pass_cli pass_len_cli
    binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli}]a[expr {$pass_len_cli}] pass_val_cli

binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli}]cc service_cli service_len_cli
    binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli}]a[expr {$service_len_cli} service_val_cli

binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli + $service_len_cli}]cc attr_cli attr_len_cli
    binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli + $service_len_cli}]a[expr {$attr_len_cli}] attr_val_cli

log local0. "atv id: $attr_cli"
    log local0. "atv len: $attr_len_cli"
    log local0. "atv val: $attr_val_cli"

}

I'm not sure if the expr function is my issue:
binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli + $service_len_cli}]a[expr {$attr_len_cli}] attr_val_cli
/var/log/ltm yields the following error:
Jun  7 13:11:26 slot1/MED-F5-SLB1 err tmm[17571]: 01220001:3: TCL error: /Common/CP  - can't read "attr_val_cli": no such variable     while executing "log local0. "atv val: $attr_val_cli""
Full logs from /var/log/ltm below:
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : user: 1
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : user len: 8
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : user val: f5user
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : pass: 2
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : pass len: 18
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : pass val: ▒▒▒Wtty2=▒▒▒
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : service: 5
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : service len: 6
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : service val: ▒▒▒
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : atv: 87
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : atv len: 6
Jun  7 12:58:23 slot1/MED-F5-SLB1 err tmm[17571]: 01220001:3: TCL error: /Common/CP  - can't read "attr_val_cli": no such variable     while executing "log local0. "atv val: $attr_val_cli""

stanislas_piro2 · Answer

Look at this code to decode radius request &nbsp;

Forum Discussion

Facing issue with "binary scan" and or "expr" functions on RADIUS iRule

Recent Discussions

Http / https health monitor issue

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

How do I create a traffic log for two different route domains?

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

What exactly does "tmsh save sys config binary" do?

Importing vulnerability scan XML results into an "auto policy builder" plicy

AV Last Scan within "x" days instead of static date

Advanced iRules: Getting Started with iRules Procedures

Re: Capture all HTTP response headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS