Forum Discussion
jlepore092170_1
Nimbostratus
NimbostratusRequest for decoding iRules
Hello,
Can someone provide me with a quick breakdown of what the following iRule commands are doing? Thank you!
when CLIENT_ACCEPTED {
# Open High Speed Logging handle to syslog_pool
set hsl [HSL::open -proto UDP -pool pool_syslog]
log local0. "Connection from [IP::client_addr]"
}
when HTTP_REQUEST {
# Iterate through each header in the request and send a log msg
foreach headr [HTTP::header names] {
HSL::send $hsl "$headr [HTTP::header $headr]"
}
# Collect the Content-Length of the body and trigger HTTP_REQUEST_DATA
HTTP::collect [HTTP::header "Content-Length"]
}
when HTTP_REQUEST_DATA {
# Set the payload we captured in HTTP_REQUEST to $RequestData
set RequestData [HTTP::payload]
log local0. $RequestData
# if there is a pSessionId, let\'s find it Switch Statement Here!!!
if {$RequestData contains "pSessionId"} {
set pass1 [getfield $RequestData "pSessionId>" 2]
log local0. "pass1 is $pass1"
# switch statement to handle variants of sessionIds coming from AS400
switch -glob $pass1 {
"ROS-" {
set ROSpass [getfield $pass1 "<" 1]
log local0. "ROSpass is $ROSpass"
set pSessionId $ROSpass
}
"" {
log local0. "Checking for pass1 again: $pass1"
set CDATApass [getfield $pass1 "CDATA[" 2]
log local0. "CDATApass is $CDATApass"
set CDATApass2 [getfield $CDATApass "]" 1]
log local0. "CDATAPass2 is $CDATApass2"
set pSessionId $CDATApass2
}
}
log local0. "pSessionId is $pSessionId"
# persist on pSessionId for 3mins
persist uie $pSessionId 180
} else {
log local0. "No pSessionId"
set NOpSessionId 1
}
# Log the body of the request
HSL::send $hsl $RequestData
}
when HTTP_RESPONSE {
# Iterate and log response headers
foreach headr [HTTP::header names] {
HSL::send $hsl "$headr [HTTP::header $headr]"
}
# Collect the response body and trigger HTTP_RESPONSE_DATA
HTTP::collect [HTTP::header "Content-Length"]
}
when HTTP_RESPONSE_DATA {
# Set the payload we captured to $ResponseData
set ResponseData [HTTP::payload]
log local0. $ResponseData
# If there wasn't a pSessionId on the request look for it now...
if {[info exists NOpSessionId]} {
# Code to handle session creation by Route Objects server
if {$ResponseData contains "LogonResult>"}{
set respasstemp [getfield $ResponseData "LogonResult>" 2]
set pSessionId [getfield $respasstemp "<" 1]
log local0. "This is the logonresult from responsedata: $pSessionId"
} else {
if {$ResponseData contains "pSessionId"} {
set respass1 [getfield $ResponseData "pSessionId>" 2]
log local0. "respass1 is $respass1"
# switch statement to handle variants of sessionIds on all subsquent responses
switch -glob $respass1 {
"ROS-*" {
set resROSpass [getfield $respass1 "<" 1]
log local0. "resROSpass is $resROSpass"
set pSessionId $resROSpass
} "3 Replies
Kevin_Davies_40Nacreous
The parser on this site does not like the contents of HTTP_REQUEST_DATA so I cannot repost it here correctly... here is a gist of the iRule
https://gist.github.com/rtfmoz/e710b363ec4a48f10235
- Kevin_Davies_40
The iRule is persisting on the pSessionId in the payload of HTTP requests. It uses getfield to retrieve it. You will need to look at the payload sent to high speed logging to see the data from where it is extracted. I noticed in the last event you are not using high speed logging for the payload logging. Probably need to fix this.
jlepore092170_1Kevin,
Thank you very much for the quick response and help on this.
It was very helpful.
