Forum Discussion
Rise_77519
Nimbostratus
Nov 30, 2011
irule with diameter result code
Hi,
I need an irule for diameter service that is based on result codes in AVP 286 code. AVP 286 code also includes some result codes (exmp. 2001 DIAMETER_SUCCESS). I would like to take an action (allow or drop) based on these result codes when the server responds to clients. I have seen some basic irule example about the AVR code and also looked at http://www.f5.com/pdf/deployment-guides/diameter-load-balancing-dg.pdf but it is not related to these result codes. Need help from someone who has configured Diameter protocol by using Result Code.
15 Replies
- nitass
Employee
what version are you running? is it v10 or v11?
- Rise_77519
Nimbostratus
I am using version 10.2.
- nitass
Employee
not sure if this is helpful?

[root@ve1023:Active] config # b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:3868
   ip protocol 6
   rules myrule2
   profiles {
      diameter {}
      mblb {}
      tcp {}
   }
}
[root@ve1023:Active] config # b pool foo list
pool foo {
   members 200.200.200.101:3868 {}
}
[root@ve1023:Active] config # b rule myrule2 list
rule myrule2 {
   when SERVER_CONNECTED {
      TCP::collect
   }
   when SERVER_DATA {
      # the fixed Diameter header is 20 bytes; the first two words carry
      # version/message length and flags/command code
      while {[TCP::payload length] > 20} {
         binary scan [TCP::payload] II a b
         set comcode [expr {$b & 0xffffff}]
         set mlen [expr {$a & 0xffffff}]
         set rflag [expr {($b >> 31)&1}]
         # wait for the rest of a message that has not fully arrived yet
         if {[TCP::payload length] < $mlen} { break }
         # do not reuse the result code of the previous message
         set result ""
         # R flag clear means the message is an answer
         if {!($rflag)} {
            switch $comcode {
               280 -
               282 {}
               default {
                  # walk the AVPs that follow the header until Result-Code (268)
                  set index 20
                  while {$index < $mlen} {
                     binary scan [TCP::payload $mlen] @${index}II avp_code avp_len
                     set avp_len [expr {$avp_len & 0xffffff}]
                     # an AVP shorter than its own header would never advance the index
                     if {$avp_len < 8} { break }
                     set avp_len_pad [expr {(($avp_len + 3)/4)*4}]
                     if {$avp_code == 268} {
                        set avp_dlen [expr {$avp_len - 8}]
                        binary scan [TCP::payload $mlen] @[expr {$index + 8}]I result
                        break
                     }
                     incr index $avp_len_pad
                  }
               }
            }
            switch $result {
               2001 { log local0. "2001" }
               default { log local0. "others" }
            }
         }
         TCP::release $mlen
      }
      TCP::collect
   }
}
[root@ve1023:Active] config # tail /var/log/ltm
Nov 30 10:52:27 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:27 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:28 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:29 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:30 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:31 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:32 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:33 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:34 local/tmm info tmm[23027]: Rule myrule2 : 2001
Nov 30 10:52:35 local/tmm info tmm[23027]: Rule myrule2 : 2001
- Rise_77519
Nimbostratus
Hi Nitass,
Thank you for your help. There are some error lines in the irule. I think that it is related to the amp value but I could not understand what is the root cause of the issue. I am attaching the screenshot of the error.
Thank you again.
- hoolio
Cirrostratus
The forum code parser converts "&" to "& amp ;". Can you replace the "& amp ;" instances with &?
Aaron
- Rise_77519
Nimbostratus
Hi,
I replaced the "& amp ;" instance with & and I can apply the irule but the irule did not block the avp code. We would like to drop the result code 5012 (CCA 272). I have seen a message it was responded by Nitass who said that "i have not found command to silently drop CCA message." This means this irule could not drop result code 5012. Also I can upgrade the device from v10 to v11. I have seen another irule was written as V11. I can upgrade software to V11 if you tested before.
Thank you..
ltm rule myrule {
    when DIAMETER_INGRESS {
        # act only on answers, keyed on the Result-Code value
        if {[DIAMETER::is_response]} {
            log local0. "[IP::remote_addr]:[TCP::remote_port]>[IP::local_addr]:[TCP::local_port]|[DIAMETER::result]"
            switch [DIAMETER::result] {
                5012 { DIAMETER::drop }
            }
        }
    }
}
- nitass
Employee
I have seen a message it was responded by Nitass who said that "i have not found command to silently drop CCA message." this mean this irule could not drop result code 5012.
if you do not mind to drop or reject tcp connection (not a message), you can use drop or reject command.
Also I can upgrade the device from v10 to v11. I have seen another irule was written as V11. I can upgrade software to V11 if you tested before.
v11 has introduced a number of new DIAMETER:: commands. it would be great if you can upgrade to v11.
let us know if there is any problem. cheer!
- Nat_Thirasuttakorn
Employee
to silently drop any TCP data in iRule, you can use the following simple technique
TCP::payload replace 0 [TCP::payload length] ""
this command basically replaces TCP payload with empty string
after this command you may also skip the TCP::release
anyway, as Nitass suggested, upgrading to v11 is a much better option.
Nat
- Rise_77519
Nimbostratus
Hi Nitass,
Thank you for your help! I can test and drop the avp result code (5012) as V11. But I could not see any log output when I tried with V10. I changed the comcode section of the irule as 272 instead of 280, 282 and "default" line and again tested because we are using 272 but I still could not see any log output. We are using different port number on the server side instead of diameter port and we are not able to change server side port number. I am just curious: should I use diameter port number at server side in v10?
Regards,
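
The byte-level parsing that the v10 rule in this thread performs on each server answer can be checked offline. The following Python sketch is an added example, not part of the original thread and not F5 code; the helper names, the Session-Id value and the sample stream are constructed for illustration, and it goes slightly beyond the rule by also handling the vendor (V) flag and rejecting malformed lengths.

```python
import struct

RESULT_CODE = 268      # Result-Code AVP (RFC 6733), the AVP the v10 rule scans for
HEADER_LEN = 20        # fixed Diameter header
DROP_CODES = {5012}    # result code the thread wants blocked

def avp(code, data, flags=0x40):
    """Constructed-sample helper: one AVP without Vendor-Id, padded to 4 bytes."""
    length = 8 + len(data)
    return struct.pack("!II", code, (flags << 24) | length) + data + b"\0" * (-length % 4)

def message(cmd, avps, request=False):
    """Constructed-sample helper: Diameter header (version 1) followed by AVPs."""
    body = b"".join(avps)
    flags = 0x80 if request else 0
    return struct.pack("!IIIII", (1 << 24) | (HEADER_LEN + len(body)),
                       (flags << 24) | cmd, 4, 1, 1) + body

def parse_answers(buf):
    """Return ([(command_code, result_code_or_None, action)], unconsumed_bytes)."""
    out = []
    while len(buf) >= HEADER_LEN:
        word0, word1 = struct.unpack_from("!II", buf)
        mlen, cmd = word0 & 0xFFFFFF, word1 & 0xFFFFFF
        if mlen < HEADER_LEN:
            raise ValueError("malformed message length")
        if len(buf) < mlen:
            break                              # partial message: wait for more data
        if not (word1 >> 31) & 1:              # R bit clear: this is an answer
            result, idx = None, HEADER_LEN     # reset per message, no stale value
            while idx + 8 <= mlen:
                code, word = struct.unpack_from("!II", buf, idx)
                alen = word & 0xFFFFFF
                hdr = 12 if word >> 31 else 8  # V bit adds a 4-byte Vendor-Id
                if alen < hdr or idx + alen > mlen:
                    raise ValueError("malformed AVP length")
                if code == RESULT_CODE and hdr == 8 and alen == 12:
                    result = struct.unpack_from("!I", buf, idx + 8)[0]
                    break
                idx += (alen + 3) // 4 * 4     # AVPs are padded to 32-bit boundaries
            out.append((cmd, result, "drop" if result in DROP_CODES else "allow"))
        buf = buf[mlen:]
    return out, buf

# Constructed stream: CCA 2001, CCA 5012, then the first 10 bytes of a third answer.
SESSION = avp(263, b"sess;1")
STREAM = (message(272, [SESSION, avp(RESULT_CODE, struct.pack("!I", 2001))])
          + message(272, [SESSION, avp(RESULT_CODE, struct.pack("!I", 5012))])
          + message(272, [SESSION])[:10])
```

Calling `parse_answers(STREAM)` yields one tuple per complete answer plus the 10 bytes of the truncated message, which stay buffered until more data arrives.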
