Forum Discussion
bongshanks
Nimbostratus
NimbostratusScan command and variables in a SSL transaction
Hey folks,
I'm trying to finish an iRule and I'd appreciate some critiquing or advice. I'm trying to capture some client IP/SSL cipher information as well as a 23 character string of text that will...
nitass
Employee
EmployeeDoes scan perform the same search action as a regex?
can you try something like this?
// config
[root@ve13a:Active:In Sync] config tmsh list ltm rule qux
ltm rule qux {
when CLIENT_ACCEPTED {
log local0. "SSL_CUSTOM: Connection of Client Source IP: [IP::client_addr]:[TCP::client_port]<-->[virtual name]<-->[LB::server]"
}
when CLIENTSSL_HANDSHAKE {
if { [SSL::cipher bits] > 0 } then {
log local0. "Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]."
SSL::collect
}
}
when CLIENTSSL_DATA {
log local0. "\[SSL::payload\] is [SSL::payload]"
if { [regexp {(\d{8})(\d{15})} [SSL::payload] -> tid mid] } {
log local0. "tid=$tid mid=$mid"
}
SSL::release
}
}
// client
(echo abc123xyz16021201334440212201602ijk987) |openssl s_client -connect 172.28.24.10:443 >& /dev/null
// log
[root@ve13a:Active:In Sync] config tail -f /var/log/ltm
Dec 27 11:24:53 ve13a info tmm[17969]: Rule /Common/qux : SSL_CUSTOM: Connection of Client Source IP: 172.28.24.1:32824<-->/Common/bar<-->/Common/foo 0
Dec 27 11:24:53 ve13a info tmm[17969]: Rule /Common/qux : Client: 172.28.24.1 is using TLSv1.2. SSL Cipher:ECDHE-RSA-AES128-GCM-SHA256. Virtual:/Common/bar. SSL Profile:/Common/clientssl.
Dec 27 11:24:53 ve13a info tmm[17969]: Rule /Common/qux : [SSL::payload] is abc123xyz16021201334440212201602ijk987
Dec 27 11:24:53 ve13a info tmm[17969]: Rule /Common/qux : tid=16021201 mid=334440212201602
bongshanksI'll try that in the next change window in a week
This is my first iteration that I wanted to try
when CLIENTSSL_DATA { set payload [SSL::payload] set combo "" set tid "" set mid "" regexp ([0-9]{8}[0-9]{15}){1} $payload combo set tid [string range $combo 0 7] set mid [string range $combo 8 end]
