For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kazeem1's avatar
kazeem1
Icon for Nimbostratus rankNimbostratus
Jun 01, 2025

SMPP IRULES that insert destination port in One Vip, as Port in Second Vip pool member

I have a 2-step situation with SMPP traffic. Aggregator Traffic---F5 (VIP 1) 10.1.1.1:* (eg 5102) F5 (SNAT IP) 10.1.1.2--- SMS FW 10.1.1.3:10000 SMS FW 10.1.1.3--- F5 (VIP 2) 10.1.1.4:10000 F5 (S...
announcement
application delivery
cloud
devops
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Jun 02, 2025

There is no way to bind dest port in one VS with the pool member port in another VS
Unless you somehow inject this info in to the request itself
If we spoke for http this would be very easy with an http header
In this case I cannot think something else except injecting dest port in to the payload in VIP1 and then in VIP2 extract/strip the value and use it

I am not an SMPP expert so I played with AI
It might not work at all but hope you get the logic.

you can test it and adjust it

iRule for VIP 1 (Inject destination port)

when CLIENT_ACCEPTED {
    # Capture the port this VIP was hit on
    set injected_port [TCP::local_port]
}

when CLIENT_DATA {
    TCP::collect

    set pdu [TCP::payload]

    # Extract command_id at offset 4 (should be 0x00000004 for submit_sm)
    binary scan $pdu @4I cmd_id

    if { $cmd_id == 4 } {
        # Inject service_type: P<PORT> + NULL terminator
        set tag "P$injected_port"
        set null [binary format c 0]
        set service_type "$tag$null"

        # Replace original service_type at offset 16
        set new_pdu "${pdu range 0 15}$service_type${pdu range 16 end}"

        TCP::payload replace 0 [TCP::payload length] $new_pdu

        log local0. "VIP1: Injected service_type tag $tag into submit_sm"
    }

    TCP::release
}

 

iRule for VIP 2 (Extract, route, and clean)

when CLIENT_ACCEPTED {
    # Init variable
    set dyn_port 0
}

when CLIENT_DATA {
    TCP::collect

    set pdu [TCP::payload]

    # Check SMPP command_id
    binary scan $pdu @4I cmd_id

    if { $cmd_id == 4 } {
        # Read service_type field from byte 16 (C-Octet null-terminated)
        binary scan $pdu @16Z* service_type

        # Match and extract port from "P<PORT>" format
        if {[regexp {^P(\d{1,5})$} $service_type match dyn_port]} {
            log local0. "VIP2: Extracted dynamic port: $dyn_port"

            # Strip service_type: replace with single null byte
            set null [binary format c 0]
            set tag_len [expr {[string length $service_type] + 1}]
            set stripped_pdu "${pdu range 0 15}$null${pdu range [expr 16 + $tag_len] end}"

            TCP::payload replace 0 [TCP::payload length] $stripped_pdu

            # Set backend IP and dynamic port
            set backend_ip "10.100.114.129"
            node $backend_ip $dyn_port

            log local0. "VIP2: Forwarding to $backend_ip:$dyn_port"
        } else {
            log local0. "VIP2: No valid port tag in service_type"
        }
    }

    TCP::release
}