Forum Discussion

Ben_Efrati's avatar
Ben_Efrati
Icon for Nimbostratus rankNimbostratus
May 04, 2023

iRule table usage in FLOW_INIT event

Hi,

According to https://clouddocs.f5.com/api/irules/table.html

table command is valid for all events except RULE_INIT

Valid Events:

ALL, except RULE_INIT

I'm trying to use table command in FLOW_INIT event but always get empty value, while at CLIENT_ACCEPTED event the table return non empty value.

 

 

when FLOW_INIT {
  set srcip [IP::client_addr]
  set test_ip [table lookup -subtable "blacklist" $srcip] 
  log local0. "$srcip , table value: $test_ip"
}

 

 

log is "192.0.0.1 , table value: "

while same code in CLIENT_ACCEPTED event 

 

 

when CLIENT_ACCEPTED{
  set srcip [IP::client_addr]
  set test_ip [table lookup -subtable "blacklist" $srcip] 
  log local0. "$srcip , table value: $test_ip"
}

 

 

 log is "192.0.0.1 , table value: block"

 

Thanks

  • Hi Ben_Efrati, I checked the table source file documentation and there is nothing there that leaves out FLOW_INIT, however, I believe that's an oversight given the details on the FLOW_INIT event:

     
    This event is triggered (once for TCP and unique UDP/IP flows) after packet filters, but before any AFM and TMM work occurs. The use cases for this event are:
    • Override ACL action
    • Bandwidth control on both client/server flows
    • Routing to another Vip
    • Marking qos tos/dscp on both client/server flows

    I confirmed in my own local test that I am seeing the same behavior as you. You could open a case to get official confirmation, but I'm pretty confident you'll need to perform your lookups in CLIENT_ACCEPTED or later.