Forum Discussion
Cindy_127211
Nimbostratus
NimbostratusRule is not validating
I keep getting the following error on a rule when I try to load it and I can't figure out why, as it looks similar to other rules that are validating.
BIGpipe: rule creation error:
01070151:3: Rule [SSLV2_Encrypt_Stmts] error:
line 7: [undefined procedure: else] [else {
HTTP::redirect "www.retireonline.com/rpsparticipant/invalid_ssl_version_2_request.jsp"
}]
Here is the rule:
rule SSLV2_Encrypt_Stmts {
when HTTP_REQUEST {
set mypool [findclass [virtual name] $::Pools " "]
HTTP::header insert "Custom" "stm:443"
if { ![matchclass [SSL::cipher version] equals $::CipherVersion] and [SSL::cipher bits] > 127 } {
pool $mypool
}
else {
HTTP::redirect "www.retireonline.com/rpsparticipant/invalid_ssl_version_2_request.jsp"
}
}
}
4 Replies
Derek_Nelson_10Sounds interesting, except that most of my if/then/else rules are in the format:
if {} {
}
else {
}
without any problems...
Cheers,
- Derek.
Al_Carandang_11Very interesting indeed.. Makes me wonder what else F5 modified from standard TCL aside from their documented changes. It seems I've been discovering more and more lately.
-Al- as Al mentions, "else" is not a TCL command, rather is part of the "if" command, so v9 generates this tcl error if "else" begins a line:
[undefined procedure: else] [else {
However, in v4, iRules were NOT TCL-based, and "else" may legally begin a line.
/deb - Yes, in a few cases we have made some changes to the Tcl parser. These consist of two general modifications and do not in any way change the behavior of "standard" Tcl.
The first modification was to allow an exception for where the "else" clause of an if-else-elseif command may start. Because we had a version of iRules that was not Tcl-based in 4.x, and we were trying to maintain a somewhat similar look and feel, we made changes to allow the "else" to begin on a new line. However, the parser is very picky that there is no whitespace following the closing brace '}' on the previous line. This will eventually be fixed (CR48213), but until then you need to make sure you either follow standard Tcl command continuation or have no trailing whitespace on the end of your lines (this often happens when cut-and-pasting a rule from the forum into the rule text box).
The other modification we made was to add some F5-specific evaluation operators (starts_with, ends_with, etc). Again, this was done to better facilitate users coming from the 4.x environment and make the resulting code much more readable.
I, personally, generally use the Tcl line continuation style described above (eg:
merely because that's my own personal style. However, remember, the whole intent of this was all about making the non-Tcl, F5 user a little more comfortable with the switch to Tcl-based iRules.if {} { ... } else { ... }
BTW, Tcl itself also has a few other syntactic implementation problems. For example, have you ever tried commenting out an "if {} {" line. Try this in "standard" Tcl:
This will also eventually get fixed in our version (CR44839).set myvar "bar" if { $myvar eq "foo" } { if { [string first -nocase $myvar "foo"] } { puts "yep" }
Also, I believe we have documented all the modifications we made to Tcl (though at this time, I'm not sure where...)
