Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Antonio_Marongi's avatar
Antonio_Marongi
Icon for Nimbostratus rankNimbostratus
Nov 09, 2017

Need help with diameter Irule

Hi everyone, this is the first time I ask a question. I need to create an irule intercepting the DIAMETER message "Disconnect-Peer-Request" (command = 282) from origin-host then drops the outgoing ...
big-ip
devops
irules
Andy_McGrath's avatar
Andy_McGrath
Icon for Cumulonimbus rankCumulonimbus
Nov 10, 2017

I do not know DIAMETER but from your iRule code you have two possible problems:

 

  1. Checking you are executing only on serverside so DIAMETER::respond will send the respond to the server not the client. You will need to check to clientside to respond to the original host.

     

  2. You need to change the DIAMETER::respond parameters (not sure if you left them as the wiki documentation stats as an example) to provide valid DIAMETER data. One key element of this is the AVPs which needs to be in binary format so likely to need to use the TCL command binary format

     

when DIAMETER_EGRESS {
    if {[serverside]} {
        if { [DIAMETER::command] == "282" } {
            DIAMETER::drop
            log local0. "Disconnect-Peer-Request sent from [IP::local_addr] to [IP::remote_addr] with origin-host [DIAMETER::host origin]"
            clientside {DIAMETER::respond "version" "r" "p" "e" "t" "comcode" "appid" "hopid" "endid" "AVPs"}
        }
    }
}