Forum Discussion
Radius Persistence iRule error (bad field specifier)
It could be that the ${hsize} variable is being set to a negative integer. This could happen at the first binary scan the attr_len1 variable is being set to 0 or 1.
So if attr_len1 is set to 1, then hsize becomes '-2', because (1 -2) * 2 = -2.
Could you add an extra log line to your code to see what value is set to the attr_len1 variable?
when CLIENT_ACCEPTED {
binary scan [UDP::payload] ccSH32cc code ident len auth attr_code1 attr_len1
log local0. "DEBUG: attr_len1 = $attr_len1"
set index 22
...
- adammMay 28, 2019Altostratus
Great idea, doing that now. Thanks.
- adammMay 28, 2019Altostratus
That shows the cause of the "-" bad field specifier error:
info tmm[29577]: Rule /Common/Radius_CallingStationId <CLIENT_ACCEPTED>: DEBUG: attr_len1 = 0 err tmm[29577]: 01220001:3: TCL error: /Common/Radius_CallingStationId <CLIENT_ACCEPTED> - bad field specifier "-" while executing "binary scan [UDP::payload] @${index}H${hsize}cc attr_value next_attr_code2 next_attr_len2"
But there's nothing yet for the other error:
info tmm3[29577]: Rule /Common/Radius_CallingStationId <CLIENT_ACCEPTED>: DEBUG: attr_len1 = 67 err tmm3[29577]: 01220001:3: TCL error: /Common/Radius_CallingStationId <CLIENT_ACCEPTED> - can't read "next_attr_len2": no such variable while executing "set attr_len1 $next_attr_len2"
Looking for other logging options to figure it out.
- Lee_SutcliffeMay 29, 2019Nacreous
Have you tried putting the binary scan in a catch, it may explain why the $next_attr_len2 variable is not set
if {[catch {binary scan [UDP::payload] @${index}H${hsize}cc attr_value next_attr_code2 next_attr_len2} catchErr ]} { log local0. "binary scan failed! ERROR: $catchErr" }
- anicosiaJun 20, 2020Nimbostratus
I was dealing the same irule from the Cisco page and troubleshooting with a coworker. The problem was when length exceeded 255, hsize became a negative number as implied above and the looped binary scan broke. In those cases we added 256 to return the proper value for the next length. The following code specifically was added in order to fix the case for either variable. Sharing in case someone else comes across this page when troubleshooting the same thing.
next_attr_len2 = $next_attr_len2"
if { $next_attr_code2 < 0 } {
set next_attr_code2 [ expr { 256 + $next_attr_code2 } ]
}
if { $next_attr_len2 < 0 } {
set next_attr_len2 [ expr { 256 + $next_attr_len2 } ]
}
Here was the full rule (with a few commented-out debug logging that helped us get there)
when CLIENT_ACCEPTED {
binary scan [UDP::payload] ccSH32cc code ident len auth attr_code1 attr_len1
set index 22
while { $index < $len } {
# log local0. "DEBUG: $attr_code1 = $attr_len1 (top of loop)"
set hsize [expr ( $attr_len1 - 2 ) * 2]
binary scan [UDP::payload] @${index}H${hsize}cc attr_value next_attr_code2 next_attr_len2
# log local0. "DEBUG: attr_value = $attr_value , next_attr_code2 = $next_attr_code2 , next_attr_len2 = $next_attr_len2"
if { $next_attr_code2 < 0 } {
set next_attr_code2 [ expr { 256 + $next_attr_code2 } ]
# log local0. "DEBUG: NEW next_attr_code2 = $next_attr_code2"
}
if { $next_attr_len2 < 0 } {
set next_attr_len2 [ expr { 256 + $next_attr_len2 } ]
# log local0. "DEBUG: NEW next_attr_len2 = $next_attr_len2"
}
# If it is Calling-Station-Id (31) attribute...
if { $attr_code1 == 31 } {
persist uie $attr_value 30
return
}
set index [ expr $index + $attr_len1 ]
set attr_len1 $next_attr_len2
set attr_code1 $next_attr_code2
}
}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com