Forum Discussion

DamP_320463
Nimbostratus
Jul 24, 2017

iRule event for established connections

Hi DevCentral,


I would like to know if someone can help me identify an iRule event that will trigger every time for:


  • New TCP Connections
  • New traffic for Existing TCP Connections

Basically, I need to extend a table entry timeout (table timeout -subtable XXX $clientip 14400) if there is any traffic on that specific VS (I have two VSs, one on port 3389 and one on port 22).


Thanks in advance,


M.


  • I figured out that the only event that can trigger this kind of behaviour is the "CLIENT_DATA" event, which I need to trigger using TCP::collect.


    Then I tried to match a specific protocol pattern (COTP), but it seems that "table timeout" and "table set" are not working in this event. Does someone have any idea/suggestion about that? Thanks.


    Below is the iRule used:


    when CLIENT_ACCEPTED {
        set clientip [IP::client_addr]
        TCP::collect 10
        log local0. "DEMO L4 iRule triggered"
        if { [table lookup -subtable XXX $clientip] == "" } {
            log local0. "DEMO Client IP $clientip NOT Authorized"
            reject
        } else {
            table timeout -subtable XXX $clientip 14400
            log local0. "DEMO Client IP $clientip AUTHORIZED"
        }
    }

    when CLIENT_DATA {
        TCP::collect 10
        set payload [TCP::payload]

        # The hexbinary code we want to decode is stored in $payload
        # format string for hexdump output
        set p 0     ;# buf ptr
        set sl [string length $payload]
        set inPkt "\n\n"
        while { $p < $sl } {
            # one row of the dump is 16 bytes: offsets p .. p+15
            set s [string range $payload $p [expr {$p+15}] ]
            binary scan $s H*@0a* hex ascii
            regsub -all -- {[^[:graph:] ]} $ascii {.} ascii
            set hex1   [string range $hex   0 15]
            set hex2   [string range $hex  16 31]
            set ascii1 [string range $ascii 0  7]
            set ascii2 [string range $ascii 8 15]
            # Convert the hex to pairs of hex digits
            regsub -all -- {..} $hex1 {& } hex1
            regsub -all -- {..} $hex2 {& } hex2
            append inPkt "[format {%08x  %-24s %-24s %-8s %-8s} $p $hex1 $hex2 $ascii1 $ascii2]\n"
            set p [expr {$p + 16}]
        }

        puts "Input PKT: $inPkt"            ;# print the output to /var/log/tmm
        log local0. "DEMO PAYLOAD $inPkt"
        TCP::release
        # match the COTP DT header (02 f0 80) in the formatted hexdump string
        if { $inPkt contains "02 f0 80" } {
            table timeout -subtable XXX $clientip 14400
            table set -subtable XXX $clientip 14400 0
            log local0. "DEMO MATCH!"
        }

        # re-arm collection so the next data on this connection raises CLIENT_DATA again
        TCP::collect
    }
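Added example (not the poster's iRule, and not claimed to resolve the table behaviour they report): the same CLIENT_DATA / TCP::collect loop, but with the COTP DT header matched on the raw payload bytes instead of on the formatted hexdump. In the poster's dump the 8th and 9th bytes of a row are separated by two spaces and rows by a newline, so a header that straddles those boundaries never matches the string "02 f0 80"; scanning the payload with binary scan avoids that, and the even-offset check avoids a match that starts in the middle of a byte. The subtable name XXX and the 14400 s timeout come from the post; that 02 f0 80 is the pattern of interest is taken from the post as well.

```tcl
# Added example, not from the original post. Assumes the subtable XXX is
# populated elsewhere (as in the poster's setup) and that a header split
# across two TCP segments is acceptable to miss for one round.

when CLIENT_ACCEPTED {
    set clientip [IP::client_addr]
    if { [table lookup -subtable XXX $clientip] eq "" } {
        log local0. "DEMO Client IP $clientip NOT Authorized"
        reject
        return
    }
    # Client is allowlisted: refresh the idle timeout and start collecting
    # so that CLIENT_DATA fires on the first payload of this connection.
    table timeout -subtable XXX $clientip 14400
    TCP::collect
}

when CLIENT_DATA {
    # Hex-encode whatever is buffered: "02f080" is the COTP DT header.
    binary scan [TCP::payload] H* hex
    set idx [string first "02f080" $hex]
    while { $idx >= 0 && ($idx % 2) != 0 } {
        # An odd offset starts mid-byte (e.g. bytes x0 2f 08 0x); look further.
        set idx [string first "02f080" $hex [expr {$idx + 1}]]
    }
    if { $idx >= 0 } {
        # Byte-aligned match: extend the allowlist entry for this client.
        table timeout -subtable XXX $clientip 14400
        log local0. "DEMO COTP DT header at byte offset [expr {$idx / 2}]"
    }
    TCP::release
    # Re-arm collection: without this, later segments on the same
    # established connection do not raise CLIENT_DATA again.
    TCP::collect
}
```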