For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wenhu_Tang_7610's avatar
wenhu_Tang_7610
Icon for Nimbostratus rankNimbostratus
Jul 26, 2005

iRules for TCP break up

Hi,     I want to write an iRules to route a TCP packet according to the payload of the packet, but I fail, could you tell whether it is possible and how to achive?     my iRules:   whe...
application delivery
dev
devops
iRules
david_wang_2073's avatar
david_wang_2073
Historic F5 Account
Jul 31, 2005
I tested following irule, it should work. Here if the payload contain 4, the request will be directed to the 192.168.2.200:3434, otherwise will be directed to the default pool.


when CLIENT_ACCEPTED {
  set index0 1
  TCP::collect
  log local0. "client_accepted"
}
when CLIENT_DATA {
  log local0. "client_data to be realesae [TCP::payload]"
  if { [TCP::payload] contains "4" } {
    log local0. "contain 4"
    use node "192.168.2.200" "3434"
  }
  TCP::release
  TCP::collect
  log local0. "client data collect after release [TCP::payload]  --length [TCP::payload length]"
}
when SERVER_CONNECTED {
  TCP::collect
  log local0. "server connected"
}
when SERVER_DATA {
  if { $index0 == 10 } { 
    log local0. " idnex0 = 10 "
  }
  log local0. "release server data [TCP::payload]  --length [TCP::payload length]"
 
  TCP::release
 
  TCP::collect
  log local0. "collect after release server data [TCP::payload]  --length [TCP::payload length]"
  TCP::notify response
  log local0. "notity response"
}
when USER_RESPONSE {
  log local0. "detach"
  LB::detach
}

From the output of tcpdump, it can be found that each LB::detach will lead the connection to the node was terminated:

[root@www:Active] config tcpdump -i internal -n port 3434

tcpdump: listening on internal

03:58:50.212175 192.168.0.105.rfe > 192.168.2.11.3434: S 257489860:257489860(0) win 4380 (DF)

03:58:50.212313 192.168.2.11.3434 > 192.168.0.105.rfe: S 2250864482:2250864482(0) ack 257489861 win 17520 (DF)

03:58:50.212321 192.168.0.105.rfe > 192.168.2.11.3434: . ack 1 win 4380 (DF)

03:58:50.212334 192.168.0.105.rfe > 192.168.2.11.3434: P 1:10(9) ack 1 win 4380 (DF)

03:58:50.215249 192.168.2.11.3434 > 192.168.0.105.rfe: P 1:16(15) ack 10 win 17511 (DF)

03:58:50.215354 192.168.0.105.rfe > 192.168.2.11.3434: F 10:10(0) ack 16 win 4395 (DF)

03:58:50.215465 192.168.2.11.3434 > 192.168.0.105.rfe: . ack 11 win 17511 (DF)

03:58:50.216364 192.168.2.11.3434 > 192.168.0.105.rfe: F 16:16(0) ack 11 win 17511 (DF)

03:58:50.216378 192.168.0.105.rfe > 192.168.2.11.3434: . ack 17 win 4395 (DF)

03:58:51.225556 192.168.0.105.rfe > 192.168.2.10.3434: S 3886683331:3886683331(0) win 4380 (DF)

03:58:51.225690 192.168.2.10.3434 > 192.168.0.105.rfe: S 1671924508:1671924508(0) ack 3886683332 win 17520 (DF)

03:58:51.225698 192.168.0.105.rfe > 192.168.2.10.3434: . ack 1 win 4380 (DF)

03:58:51.225711 192.168.0.105.rfe > 192.168.2.10.3434: P 1:10(9) ack 1 win 4380 (DF)

03:58:51.227084 192.168.2.10.3434 > 192.168.0.105.rfe: P 1:16(15) ack 10 win 17511 (DF)

03:58:51.227154 192.168.0.105.rfe > 192.168.2.10.3434: F 10:10(0) ack 16 win 4395 (DF)

03:58:51.227252 192.168.2.10.3434 > 192.168.0.105.rfe: . ack 11 win 17511 (DF)

03:58:51.227871 192.168.2.10.3434 > 192.168.0.105.rfe: F 16:16(0) ack 11 win 17511 (DF)

03:58:51.227876 192.168.0.105.rfe > 192.168.2.10.3434: . ack 17 win 4395 (DF)

03:58:52.233052 192.168.0.105.rfe > 192.168.2.11.3434: S 259607868:259607868(0) win 4380 (DF)

03:58:52.233190 192.168.2.11.3434 > 192.168.0.105.rfe: S 2251487837:2251487837(0) ack 259607869 win 17520 (DF)

03:58:52.233199 192.168.0.105.rfe > 192.168.2.11.3434: . ack 1 win 4380 (DF)

03:58:52.233211 192.168.0.105.rfe > 192.168.2.11.3434: P 1:10(9) ack 1 win 4380 (DF)

03:58:52.234692 192.168.2.11.3434 > 192.168.0.105.rfe: P 1:16(15) ack 10 win 17511 (DF)

03:58:52.234809 192.168.0.105.rfe > 192.168.2.11.3434: F 10:10(0) ack 16 win 4395 (DF)

03:58:52.234919 192.168.2.11.3434 > 192.168.0.105.rfe: . ack 11 win 17511 (DF)

03:58:52.235535 192.168.2.11.3434 > 192.168.0.105.rfe: F 16:16(0) ack 11 win 17511 (DF)

03:58:52.235541 192.168.0.105.rfe > 192.168.2.11.3434: . ack 17 win 4395 (DF)

03:58:53.241064 192.168.0.105.rfe > 192.168.2.200.3434: S 270953496:270953496(0) win 4380 (DF)

03:58:53.241202 192.168.2.200.3434 > 192.168.0.105.rfe: S 1711048981:1711048981(0) ack 270953497 win 17520 (DF)

03:58:53.241211 192.168.0.105.rfe > 192.168.2.200.3434: . ack 1 win 4380 (DF)

03:58:53.241224 192.168.0.105.rfe > 192.168.2.200.3434: P 1:10(9) ack 1 win 4380 (DF)

03:58:53.243293 192.168.2.200.3434 > 192.168.0.105.rfe: P 1:16(15) ack 10 win 17511 (DF)

03:58:53.243422 192.168.0.105.rfe > 192.168.2.200.3434: F 10:10(0) ack 16 win 4395 (DF)

03:58:53.243531 192.168.2.200.3434 > 192.168.0.105.rfe: . ack 11 win 17511 (DF)

03:58:53.244141 192.168.2.200.3434 > 192.168.0.105.rfe: F 16:16(0) ack 11 win 17511 (DF)

03:58:53.244149 192.168.0.105.rfe > 192.168.2.200.3434: . ack 17 win 4395 (DF)

03:58:54.275059 192.168.0.105.rfe > 192.168.2.10.3434: S 3889879731:3889879731(0) win 4380 (DF)

03:58:54.275191 192.168.2.10.3434 > 192.168.0.105.rfe: S 1672800708:1672800708(0) ack 3889879732 win 17520 (DF)

03:58:54.275199 192.168.0.105.rfe > 192.168.2.10.3434: . ack 1 win 4380 (DF)

03:58:54.275212 192.168.0.105.rfe > 192.168.2.10.3434: P 1:10(9) ack 1 win 4380 (DF)

03:58:54.277161 192.168.2.10.3434 > 192.168.0.105.rfe: P 1:16(15) ack 10 win 17511 (DF)

03:58:54.277261 192.168.0.105.rfe > 192.168.2.10.3434: F 10:10(0) ack 16 win 4395 (DF)

03:58:54.277371 192.168.2.10.3434 > 192.168.0.105.rfe: . ack 11 win 17511 (DF)

03:58:54.278398 192.168.2.10.3434 > 192.168.0.105.rfe: F 16:16(0) ack 11 win 17511 (DF)

03:58:54.278413 192.168.0.105.rfe > 192.168.2.10.3434: . ack 17 win 4395 (DF)

But I was told, by setting the virtual server with oneconnect profile, the connection to the node can be retained. I have not get time to try it.