F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Fabio_Sozzi_308's avatar
Fabio_Sozzi_308
Icon for Nimbostratus rankNimbostratus
Nov 30, 2010

Manipulates SSL payload for 2 Packets inside same session

Hi,   i've a problem with a creation of an iRule.   I have a session TCP and i need to manipulate the first two packets of the session. The packets NOT contain a Layer 7(HTTP,DNS,Ecc..) pa...
application delivery
dev
devops
iRules
spark_86682's avatar
spark_86682
Historic F5 Account
Jan 13, 2011
Sorry for taking so long to get back to this, but I've only just now been able to set this up to make sure that this works as I expected.

I think your problem can be solved simply by doing an SSL::release followed immediately by a second SSL::collect to capture the second data packet. Like so: 

   when CLIENTSSL_HANDSHAKE {
      log local0. "Collecting..."
      SSL::collect
      set flag 0
   }
   when CLIENTSSL_DATA {
      log local0. "Got [SSL::payload length] bytes plaintext"
       Release first set of data to connect to server
      SSL::release
      if { $flag == 0 } {
           Collect second set of data
          SSL::collect
          set flag 1
      }
   }
   when SERVER_CONNECTED {
      log local0. "Connected to server"
   }

This works for me: I send one group of plaintext, the server gets connected to, and I can see the second group of plaintext in CLIENTSSL_DATA.

The reason this works is that SSL::release (and TCP::release) release their held data immediately, in this case causing the server connection/LB decision to happen. Note that HTTP::release is special and different, and it does *not* (in all current versions of BIG-IP) release its data immediately, it waits until the current event is complete.

Hope this helps!