Forum Discussion

Wangzixuan_3147's avatar
Wangzixuan_3147
Icon for Nimbostratus rankNimbostratus
May 21, 2018

irule read from TCP option

irule-1 works well

when LB_SELECTED {
  set src_cli_addr [IP::client_addr]
  snatpool SNAT_10.128.10.88
}

when SERVER_CONNECTED {
     scan $src_cli_addr {%d.%d.%d.%d} e b c d 
    TCP::option set 28 [binary format cccc $e $b $c $d] all
    set tcp_option_content [binary format cccc $e $b $c $d]
    log local0. "insert tcp option is $tcp_option_content"
    binary scan $tcp_option_content H* cli_addr_H   
    log local0. "source_ip is $cli_addr_H" 
}

irule-2 can not read the date from tcp option 28

when CLIENT_ACCEPTED { 
TCP::collect 
}
when CLIENT_DATA { 
set option_cli_addr [TCP::option get 28]
log local0. "option_cli_addr is: $option_cli_addr"
 binary scan $option_cli_addr H* addr
  scan $addr "%2x%2x%2x%2x" ip1 ip2 ip3 ip4
 log local0. "$ip1-$ip2-$ip3-$ip4"
  set src_cli_addr "$ip1.$ip2.$ip3.$ip4"
  log local0. "cli-addr is $src_cli_addr"
  snatpool SNAT_10.128.10.88
  TCP::release
}
  • I found an irule to insert the client address into TCP option , which can meet the requirements through the capture package. There is also an irule to verify that you can read the field in TCP option and print it to the log, but find that the irule will be misreported. Please help to see, where is the problem?

     

  • THE ERROR LOG IS: May 20 23:14:49 bigip1 info tmm[10405]: Rule /Common/irule-tcp-optin28-yanzhen : option_cli_addr is: May 20 23:14:49 bigip1 err tmm[10405]: 01220001:3: TCL error: /Common/irule-tcp-optin28-yanzhen - can't read "ip1": no such variable while executing "log local0. "$ip1-$ip2-$ip3-$ip4"" May 20 23:14:49 bigip1 info tmm1[10405]: Rule /Common/irule-tcp-optin28-yanzhen : option_cli_addr is: May 20 23:14:49 bigip1 err tmm1[10405]: 01220001:3: TCL error: /Common/irule-tcp-optin28-yanzhen - can't read "ip1": no such variable while executing "log local0. "$ip1-$ip2-$ip3-$ip4"" May 20 23:15:34 bigip1 info tmm1[10405]: Rule /Common/irule-tcp-optin28-yanzhen : option_cli_addr is:

     

  • Did you create your own TCP profile with option 28 allowed?

    create ltm profile tcp profile_name tcp-options-28 "{28 first}"