For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Darin_DeFer's avatar
Darin_DeFer
Icon for Altostratus rankAltostratus
Feb 04, 2022
Solved

SSL::payload replace - silent failure?

We have a request to add a certificate common name (CN) string to the end of a particular type of ISO-8583 message request coming arcoss on a long-lived TCP connection.  We already extract and log elements of the message payload today...no problem.  We created a new iRule to detect the particular message type and append the trailing CN string...again no problem.

When we try to replace the payload our iRule fails silently...problem.

The syntax is pretty basic, I don't think we're fudging it up.  Anything we can do to debug WHY this particular line in our iRule is failing?

     [SSL::payload] replace 0 $data_len $new_payload;

  • We know that new_payload is good and contains the value we want.
  • We have data_len set using:  set data_len [SSL::payload length] 

Have tried using "[SSL::payload]" and "SSL::payload" on the chance that the square brackets were issue.  No joy.

  • Can you try something like this,

    SSL::payload replace 0 $data_len ""

    SSL::payload replace 0 0 $new_payload

2 Replies

  • Can you try something like this,

    SSL::payload replace 0 $data_len ""

    SSL::payload replace 0 0 $new_payload

    • Darin_DeFer's avatar
      Darin_DeFer
      Icon for Altostratus rankAltostratus

      That was it.  I *thought* we'd tried it without the enclosing square brackets bit clearly NOT!

      Many thanks!