Forum Discussion
NimbostratusLTM log tmm errors "err tmm9[22715]: 012200001:3: TCL error"
Hi everyone, we implemented an iRule and we received on the LTM the following "log errors":
"Feb 22 12:18:47 slot2/device1 err tmm2[22850]: 01220001:3: TCL error: /Common/in_house_iRuletcp-rule - can't read "detect_handshake": no such variable while executing "if { ($detect_handshake) } { skip past the session id set record_offset 43 binary scan [TCP::payload] @${record_..."
Where the iRule define the variable "detect_hadshake":
binary scan [TCP::payload]
if { [binary scan [TCP::payload] cSS tls_xacttype tls_version tls_recordlen] < 3 } {
reject return
}
# XX8 SSLv3.0 XX9 TLSv1.0 XX0 TLSv1.1 XX1 TLSv1.2
switch $tls_version {
"XX9" -
"XX0" -
"XX1" {
if { ($tls_xacttype == 22) } {
binary scan [TCP::payload] @5c tls_action
if { not (($tls_action == 1) && ([TCP::payload length] > $tls_recordlen)) } {
set detect_handshake 0
}
}
}
"XX8" {
set detect_handshake 0
}
default {
set detect_handshake 0
}
}
if { ($detect_handshake) } {
# skip past the session id
set record_offset 43
binary scan [TCP::payload] @${record_offset}c tls_sessidlen
set record_offset [expr {$record_offset + 1 + $tls_sessidlen}]Can somebody help me?
Thanks
CB
3 Replies
Lee_SutcliffeNacreous
I suspect the code within the switch statement is not being executed so the variable $detect_handshake is not set. Try initialising the variable at the start of the iRule, by placing the following before the switch statement
set detect_handshake 0
Is there other code you have not shared that sets this variable to ’1’?
Stanislas_Piro2Cumulonimbus
You found this code on devcentral and you changed it.
What behavior do you expect?
- Stanislas_Piro2
Look at this code which extract servername without this variable.
https://devcentral.f5.com/codeshare/sni-based-pool-selection-without-clientssl-profile-1119
