For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sathishkumar123's avatar
Sathishkumar123
Icon for Nimbostratus rankNimbostratus
Oct 15, 2017

Filter TCP payload in iRule

I am new to iRule and able to write small conditional statements. I have a simple iRule as below   when CLIENT_ACCEPTED {TCP :: collect}   when CLIENT_DATA { if { [TCP::payload] contains "Some...
application delivery
BIG-IP
iRules
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Oct 15, 2017

TCP::collect can specify both the number of bytes to collect, and a number of bytes to skip before collecting

 

TCP::collect

 

Collect the specified amount of TCP payload data, after skipping the specified amount. The parameter specifies the minimum number of bytes to collect, and the parameter specifies the number of bytes to skip. The CLIENT_DATA event will be triggered when the data collection is complete, and also when the specified number of bytes have been skipped. In the latter case, there may not be any bytes yet collected ( TCP::payload is empty).

 

 

Please note the additional caveats when using skip_bytes. You may be safer using

 

TCP::collect