Need to access server IP in CLIENT_DATA
I need to make a modification to the TCP::payload with the target IP of the back-end server. I'm able to make the modifications (when there's one known target server) but I need to do this with a cluster of backend servers.
This sorta works, but breaks down if there are multiple back end servers, as another LB selection is made and so my modified payload doesn't always match the target server. Note, my goal is to not override the load balancing.

    when CLIENT_DATA {
        if { [TCP::payload] contains "(CONNECT_DATA=" } {
            set selection [LB::select]
            log local0. "LB server [lindex $selection 3]"
            set ip_match [regexp -all -inline -indices [IP::local_addr] [TCP::payload]]
            log local0. "[TCP::payload]"
            foreach instance $ip_match {
                set service_start [lindex $instance 0]
                set original_tcp_length [TCP::payload length]
                TCP::payload replace $service_start 14 [lindex $selection 3]
                log local0. "[TCP::payload]"
                TCP::payload replace 0 2 [binary format S1 [TCP::payload length]]
            }
        }
        TCP::release
    }

9 Replies
- nitass
Employee
have you tried TCP::collect in LB_SELECTED?
How to process Client side's TCP Payload after SERVER_CONNECTED?
https://devcentral.f5.com/questions/how-to-process-client-sides-tcp-payload-after-server_connected
- R_Marc
Nimbostratus
Yes. Perhaps I'm doing something wrong there, but here's what I tried as a test:

    when CLIENT_ACCEPTED {
        log local0. "client ip [IP::client_addr]"
    }
    when CLIENT_DATA {
        log local0. "in client data"
    }
    when LB_SELECTED {
        TCP::collect
        log local0. "[TCP::payload]"
        TCP::release
    }
    when SERVER_CONNECTED {
        log local0. "[IP::server_addr]"
    }

Here's what I see in the log:

    Jun 10 12:05:53 slot1/bip info tmm[10558]: Rule /Common/monitoring-rule : client ip 10.0.148.33
    Jun 10 12:05:53 slot1/bip info tmm[10558]: Rule /Common/monitoring-rule :
    Jun 10 12:05:53 slot1/bip info tmm[10558]: Rule /Common/monitoring-rule : 10.0.145.161

I'll read that article though and see if I find anything useful.
- nitass
Employee
I think you should release data (TCP::release) in CLIENT_DATA (not LB_SELECTED).
- R_Marc
Nimbostratus
Got it working... Thanks for the tip.
- R_Marc
Nimbostratus
After reading the comments (thanks again) got it working:

    when CLIENT_DATA {
        log local0. "-"
        if { [TCP::payload] contains "(CONNECT_DATA=" } {
            # Locate every occurrence of the client-side local address in the payload
            set ip_match [regexp -all -inline -indices [IP::local_addr] [TCP::payload]]
            foreach instance $ip_match {
                set service_start [lindex $instance 0]
                set original_tcp_length [TCP::payload length]
                # Overwrite 14 bytes at the match with the address of the selected server
                TCP::payload replace $service_start 14 [LB::server addr]
                # Rewrite the 2-byte length field at offset 0 with the new payload length
                TCP::payload replace 0 2 [binary format S1 [TCP::payload length]]
            }
        }
        TCP::release
        TCP::collect
    }
    when LB_SELECTED {
        TCP::collect
    }
