Forum Discussion
tbeach_322093
Nimbostratus
Sep 04, 2018
Logs filling up as side effect of NAC iRule.
We added an iRule (found on DevCentral) when we enabled NAC. The iRule works, though we get the unwanted side effect of the logs completely filling up with the error:
" TCL error: /MLB-RSC-AA...
Stanislas_Piro2
Cumulonimbus
Sep 06, 2018
Can you try this code?
The original code was converting first to hexadecimal, then converting back to binary or to an integer...
# DHCP Option Field Parser rev 0.4 (2018/09/06)
#
# Written By:  Shun Takahashi
# Updated By:  Stanislas PIRON
# Original By: Jun Chen (j.chen at f5.com)
# Original At: https://devcentral.f5.com/community/group/aft/25727/asg/50
#
# Description: iRule to demonstrate how to capture and binary scan UDP payload
#              and store them into session table for logging enrichment and
#              intelligent traffic steering decision.
#
#              RFC2131 defines DHCP packet structure. This iRule is to scan
#              UDP payload and store information into session tables with
#              your_ip as a key.
#
#              All the options and values are stored into the following session table.
#              [table set -subtable ]
#
# Requirement: The rule requires a virtual server to listen on DHCP traffic in the
#              middle, either inline or out of band.
#
#              1) In-Line to DHCP traffic
#
#              profile udp udp_dhcp {
#                  allow-no-payload disabled
#                  app-service none
#                  datagram-load-balancing disabled
#                  idle-timeout immediate
#                  ip-tos-to-client 0
#                  link-qos-to-client 0
#                  proxy-mss disabled
#              }
#              ltm virtual vs_dhcp {
#                  destination 0.0.0.0:bootps
#                  ip-protocol udp
#                  mask any
#                  profiles {
#                      udp_dhcp { }
#                  }
#                  rules {
#                      dhcp_sampler
#                  }
#                  source 0.0.0.0/0
#                  translate-address disabled
#                  vlans {
#                      local
#                  }
#                  vlans-enabled
#              }
#
#              2) Receiving mirrored DHCP stream
#
# References:  RFC 2132 DHCP Options and BOOTP Vendor Extensions
#              RFC 1533 DHCP Options and BOOTP Vendor Extensions (Obsoleted)
#              RFC 4702 The Dynamic Host Configuration Protocol (DHCP) Client
#                       Fully Qualified Domain Name (FQDN) Option

timing off

when RULE_INIT {
    # DHCP message types, indexed by (option 53 value - 1)
    set static::MSGTYPE_LIST {"DHCP_DISCOVER" "DHCP_OFFER" "DHCP_REQUEST" "DHCP_DECLINE" "DHCP_ACK" "DHCP_NAK" "DHCP_RELEASE" "DHCP_INFORM" "NO_MATCH\(9\)" "DHCP_LEASE_QUERY" "DHCP_LEASE_UNASSIGNED" "DHCP_LEASE_UNKNOWN" "DHCP_LEASE_ACTIVE"}

    # Rule Name and Version shown in the log
    set static::RULE_NAME "Simple DHCP Parser v0.4"
    set static::RULE_ID "dhcp_parser"
}

when CLIENT_ACCEPTED priority 100 {
    # 0: No Debug Logging   1: Debug Logging
    set DBG 1

    # Using High-Speed Logging in this rule
    set log_prefix "\[$static::RULE_ID\]([IP::client_addr])"
    set log_prefix_d "$log_prefix\(debug\)"
}

when CLIENT_DATA {
    if {$DBG} {log local0.debug "$log_prefix_d ***** iRule: $static::RULE_NAME executed *****"}

    if {[UDP::payload length] >= 240 } {
        # BOOTP: 236-octet fixed header, 4-octet magic cookie, then the
        # variable-length DHCP options field
        binary scan [UDP::payload] ccccH8SB16a4a4a4a4a16a64a128H8a* msg_type hw_type hw_len hops transaction_id seconds \
            bootp_flags ciaddr yiaddr siaddr giaddr chaddr server_host_name_bin boot_file_bin magic_cookie dhcp_options
        binary scan $chaddr H2H2H2H2H2H2 m(a) m(b) m(c) m(d) m(e) m(f)
        set client_mac "$m(a):$m(b):$m(c):$m(d):$m(e):$m(f)"
        set mac_up [string toupper $client_mac]

        # DHCP: walk the option TLV list. "c" scans a signed octet, so both the
        # option code and the option length are masked with 0xFF before use;
        # otherwise values >= 128 become negative and produce negative offsets.
        set options_len [string length $dhcp_options]
        for {set i 0} {$i < $options_len} {incr i [expr {$option_length + 2}]} {
            binary scan $dhcp_options @${i}c option_id_signed
            set option_id [expr {$option_id_signed & 0xFF}]
            if {$option_id == 255} {
                # End Option
                # The end option marks the end of valid information in the vendor
                # field. Subsequent octets should be filled with pad options.
                break
            }
            if {$option_id == 0} {
                # Pad Option: a single octet with no length field, so advance by
                # one octet only (the loop header adds option_length + 2)
                set option_length -1
                continue
            }
            if {$i + 1 >= $options_len} {
                # Option code without a length octet: malformed, stop parsing
                break
            }
            binary scan $dhcp_options @[expr {$i + 1}]c option_length_signed
            set option_length [expr {$option_length_signed & 0xFF}]
            if {$i + 2 + $option_length > $options_len} {
                # Declared length runs past the payload: malformed, stop parsing
                break
            }
            binary scan $dhcp_options @[expr {$i + 2}]a${option_length} value
            switch $option_id {
                61 {
                    # Client Identifier
                    # This option is used by DHCP clients to specify their unique
                    # identifier. DHCP servers use this value to index their database of
                    # address bindings. This value is expected to be unique for all
                    # clients in an administrative domain.
                    # First octet is the hardware type; with type 1 (Ethernet) and a
                    # 6-octet address the identifier is the client MAC.
                    if {$option_length >= 2} {
                        binary scan $value H2@1H* ht option_value($option_id)
                        if {$ht eq "01" && $option_length == 7} {
                            binary scan $value @1H2H2H2H2H2H2 m(a) m(b) m(c) m(d) m(e) m(f)
                            set option_value($option_id) "$m(a):$m(b):$m(c):$m(d):$m(e):$m(f)"
                        }
                        set mac_up [string toupper $option_value($option_id)]
                    }
                }
            }
        }
    } else {
        log local0.info "$log_prefix Ignored due to length\(less than 240 octets\)"
        drop
        return
    }
    persist uie $mac_up
    if {$DBG} {log local0.debug "$log_prefix_d ***** iRule: $static::RULE_NAME completed *****"}
}
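The option walk that the iRule above performs, written out as an added, stand-alone Python example (this is not code from the thread or from the iRule; function names such as parse_dhcp_options and the sample packet are my own). It shows the three things a parser of this field has to get right if it is not to throw on real traffic: PAD (0) has no length octet, END (255) stops the walk, and an option code or length of 128 or more must be read as an unsigned octet and bounds-checked before it is used as an offset. The payload is constructed inline, not a capture.

```python
import struct

# Same message-type table as the iRule's static::MSGTYPE_LIST (index = option 53 value - 1)
MSGTYPE_LIST = ["DHCP_DISCOVER", "DHCP_OFFER", "DHCP_REQUEST", "DHCP_DECLINE",
                "DHCP_ACK", "DHCP_NAK", "DHCP_RELEASE", "DHCP_INFORM", "NO_MATCH(9)",
                "DHCP_LEASE_QUERY", "DHCP_LEASE_UNASSIGNED", "DHCP_LEASE_UNKNOWN",
                "DHCP_LEASE_ACTIVE"]

MAGIC_COOKIE = bytes([99, 130, 83, 99])
BOOTP_FIXED_LEN = 240   # 236-octet fixed header + 4-octet magic cookie


def parse_dhcp_options(options):
    """Walk the DHCP option TLV field and return {code: raw value bytes}.

    PAD (0) has no length octet and is skipped; END (255) stops the walk. An
    option whose declared length runs past the buffer raises ValueError rather
    than reading past the end (the analogue of a negative or oversized offset
    in the iRule's binary scan).
    """
    result = {}
    i, n = 0, len(options)
    while i < n:
        code = options[i]            # bytes indexing yields 0..255, never a signed value
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= n:
            raise ValueError(f"option {code} at offset {i} has no length octet")
        length = options[i + 1]
        if i + 2 + length > n:
            raise ValueError(f"option {code} at offset {i} declares {length} octets, "
                             f"only {n - i - 2} remain")
        result[code] = options[i + 2:i + 2 + length]
        i += 2 + length
    return result


def parse_dhcp(payload):
    """Parse the BOOTP fixed header plus options; return the fields the iRule keys on."""
    if len(payload) < BOOTP_FIXED_LEN:
        raise ValueError("payload shorter than 240 octets")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
     chaddr, sname, bootfile, cookie) = struct.unpack(
        "!BBBBIHH4s4s4s4s16s64s128s4s", payload[:BOOTP_FIXED_LEN])
    if cookie != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: not a DHCP message")
    options = parse_dhcp_options(payload[BOOTP_FIXED_LEN:])

    mac = ":".join(f"{b:02x}" for b in chaddr[:hlen])
    info = {"xid": xid, "chaddr": mac, "options": options, "persist_key": mac.upper()}

    # Option 61: hardware-type octet followed by the identifier. Type 1 with a
    # 6-octet address is a MAC (as the iRule assumes); anything else is kept as hex.
    cid = options.get(61)
    if cid:
        if cid[0] == 1 and len(cid) == 7:
            ident = ":".join(f"{b:02x}" for b in cid[1:])
        else:
            ident = cid.hex()
        info["client_id"] = ident
        info["persist_key"] = ident.upper()

    mtype = options.get(53)
    if mtype and 1 <= mtype[0] <= len(MSGTYPE_LIST):
        info["msg_type"] = MSGTYPE_LIST[mtype[0] - 1]
    return info


def build_sample_payload():
    """Constructed DHCPDISCOVER-style payload (not a capture) for offline testing."""
    chaddr = bytes.fromhex("001122aabbcc").ljust(16, b"\x00")
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0xDEADBEEF, 0, 0x8000,
                         b"\x00" * 4, b"\x00" * 4, b"\x00" * 4, b"\x00" * 4,
                         chaddr, b"\x00" * 64, b"\x00" * 128)
    options = (bytes([53, 1, 1])                                    # DHCPDISCOVER
               + bytes([0])                                         # PAD, no length octet
               + bytes([61, 7, 1]) + bytes.fromhex("001122aabbcc")  # client id, Ethernet
               + bytes([12, 5]) + b"host1"                          # host name
               + bytes([255]))                                      # END
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    print(parse_dhcp(build_sample_payload()))
```

The same bounds checks are what keep a parser quiet on malformed or vendor-heavy packets: an option 43 blob of 200 octets is legal and must not be read as a negative length, and a client that sends a truncated option should be dropped or logged once rather than raising an exception on every datagram.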