Forum Discussion
Fabio_Sozzi_308
Nimbostratus
NimbostratusManipulates SSL payload for 2 Packets inside same session
Hi,
i've a problem with a creation of an iRule.
I have a session TCP and i need to manipulate the first two packets of the session. The packets NOT contain a Layer 7(HTTP,DNS,Ecc..) payload but only simple binary payload(a sequence of ASCII code).
My problem is that after the first packet, which can be manipulated with event CLIENT_ACCEPTED and CLIENT_DATA (and the method TCP::collect), i can't find a event that allows me to modify the next TCP payload packet.
if you can help I have set the HTTP profile. So the only events Layer 7 can be used are those HTTP.
There is an event that satisfies my request?
Thanks in advance for any response.
Kind Regards,
Fabio.
hooleylistCirrostratus
Hi Fabio,
You can collect the TCP payload, check it and then collect more data using TCP::collect in CLIENT_DATA. Here's a post from Chris with a few examples:
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/1173041/aff/5/showtab/groupforums/Default.aspx1197616
Aaron
Fabio_Sozzi_308Hi Aaron,
sorry but i forgot that my session is SSL.
It's the same for SSL::collect?
Thank you so much for the answer.
Regards
Fabio.- hooleylistYes, I think the concepts for TCP::collect and recollecting apply to SSL::collect. If you try it and get stuck let us know. Else, if you get something working, could you post it here as an example for others?
Thanks, Aaron - Fabio_Sozzi_308Ok thanks Aaron.
i khow it's wrong but unfortunately i forgot something else: the second packet is sent after an answer(the procedure is complicated to explain).
Howewer, to summarize the client send a SSL packet; my irule manipulates the packet adding some headers and sends it to the server that response. This response must be processed by the irule, removing these header and sending the packet to the client(this is the response that the client expects).
Once the client receives the response, sends the second packet.
Now the irule must repeat the same algorithm descrived above.
It's Possibile??
A thousand excuses because i'm not writing everything at once but I was running at the time of opening of the post and spent a lot for not being able to find a solution.
Thanks for any response.
Kind regards,
Fabio.
- Fabio_Sozzi_308If you need anything ask me and i will post ASAP.
Bye.
Fabio. - hooleylistHi Fabio,
I think you'll need to use SSL::collect in CLIENTSSL_HANDSHAKE for the client requests and in SERVERSSL_HANDSHAKE for the server responses. Try to start with a simple iRule based on the wiki pages with a lot of debug logging and see how far you can get. If you get stuck, reply here with the iRule you're testing and the log output from /var/log/ltm.
http://devcentral.f5.com/wiki/default.aspx/iRules/CLIENTSSL_HANDSHAKE.html
http://devcentral.f5.com/wiki/default.aspx/iRules/SERVERSSL_HANDSHAKE.html
Aaron - Fabio_Sozzi_308Hi Aaron,
i have already tried the "test" you told me to do and i can confirm that the first packet sent by the client is modified correctly, and aslo the response by the server is modified correctly.
The problem is the second packet sent by the client because not generate the event "CLIENTSSL_HANDSHAKE" (As stated before, I can confirm by looking at the log)
Reading the wiki inherent in the event "CLIENTSSL_HANDHAKE" i have read:
Triggered when a client-side SSL handshake is completed.The second packet is sent in the same session SSL,maybe it's the reason so the second time the event is not generated.How i can to do for resolve my problem?Thank you so much for the precedent and future answer.Regard,Fabio - Fabio_Sozzi_308Any news?
Fabio. - hooleylistI think you'd need to continue collecting from CLIENTSSL_DATA and/or SERVERSSL_DATA using SSL::collect. But I haven't tested this before and am not able to test it at the moment.
Aaron - Fabio_Sozzi_308Hi Aaron,
unfortunatly i have already tested what you say and isn't works because if i remain in SSL::collect state, the first packet not arrives at the servers.
Other ideas?
Thanks.
Fabio