Forum Discussion
Rise_77519
Nimbostratus
Nimbostratusirule with diameter result code
Hi ,
I need an irule for diameter service that is based on resuld codes in AVP 286 code.AVP 286 code also includes some result codes (exmp. 2001 DIAMEMETER_SUCCESS) . I would like to take an action(allow or drop) based on these result codes when server respond to clients.I have seen some basic irule example about the AVR code and also look at http://www.f5.com/pdf/deployment-guides/diameter-load-balancing-dg.pdf but it is not related to these result codes.Need help from someone who have configured Diameter protocol by using Result Code.
nitassEmployee
port number should not matter. can you post your v10 irule here?
Rise_77519Hi Nitass, the irule is as below.I also removed the 280- 282{} default lines and replaced with 272 comcode but not changed anything. Thank you again.when SERVER_DATA { while {[TCP::payload length] > 20} { binary scan [TCP::payload] II a b set comcode [expr {$b & 0xffffff}] set mlen [expr {$a & 0xffffff}] set rflag [expr {($b >> 31) & 1}] if {!($rflag)} { switch $comcode { 280 - 282 {} default { set index 20 while {$index < $mlen} { binary scan [TCP::payload $mlen] @${index}II avp_code avp_len set avp_len [expr {$avp_len & 0xffffff}] set avp_len_pad [expr {(($avp_len + 3)/4)*4}] if {$avp_code == 268} { set avp_dlen [expr {$avp_len - 8}] binary scan [TCP::payload $mlen] @[expr {$index + 8}]I result break } incr index $avp_len_pad } } } switch $result { 5012 { log local0. "5012" } default { log local0. "others" } } } TCP::release $mlen } TCP::collect }- nitassmay we put some log command before switch $comcode to see comcode value?
if it is correct, we may put similar log command before switch $result.
e.g.if {!($rflag)} { log local0. "\$comcode: $comcode" switch $comcode { ... - Rise_77519Nitass,
I put the log command but I could not see comcode value and I could not see any avp result code value at log output.May V10 does not support or could not see some resuld code?
Thank you. - nitass
have you tried to capture packet and see what is going on?
attachment is my configuration and this is /var/log/ltm.
[root@ve1023:Active] config tail -f /var/log/ltm
Dec 26 01:17:58 local/tmm info tmm[26866]: Rule myrule : comcode: 257
Dec 26 01:17:58 local/tmm info tmm[26866]: Rule myrule : comcode: 272
Dec 26 01:17:58 local/tmm info tmm[26866]: Rule myrule : result code: 5012
Dec 26 01:17:59 local/tmm info tmm[26866]: Rule myrule : comcode: 272
Dec 26 01:17:59 local/tmm info tmm[26866]: Rule myrule : result code: 5012
Dec 26 01:18:00 local/tmm info tmm[26866]: Rule myrule : comcode: 272
Dec 26 01:18:00 local/tmm info tmm[26866]: Rule myrule : result code: 5012
Dec 26 01:18:01 local/tmm info tmm[26866]: Rule myrule : comcode: 272
Dec 26 01:18:01 local/tmm info tmm[26866]: Rule myrule : result code: 5012
Dec 26 01:18:02 local/tmm info tmm[26866]: Rule myrule : comcode: 272
Dec 26 01:18:02 local/tmm info tmm[26866]: Rule myrule : result code: 5012
Dec 26 01:18:03 local/tmm info tmm[26866]: Rule myrule : comcode: 272
Dec 26 01:18:03 local/tmm info tmm[26866]: Rule myrule : result code: 5012