Forum Discussion
TCL error: invalid command name "1" on GTM
I have the following irule on my GTM:
when DNS_REQUEST {
if { [[active_members Global-webservices.landsbanki.is_A10_pool] = 0] and [[active_members Global-webservices.landsbanki.is_RB_pool] = 0] } {
drop
}
elseif { [IP::addr [IP::remote_addr]/24 equals 89.104.145.0/24] } {
if { [active_members Global-webservices.landsbanki.is_A10_pool] >= 1 } {
pool Global-webservices.landsbanki.is_A10_pool
}
else {
pool Global-webservices.landsbanki.is_RB_pool
}
return
}
elseif { [IP::addr [IP::remote_addr]/24 equals 89.104.148.0/24] } {
if { [active_members Global-webservices.landsbanki.is_RB_pool] >= 1 } {
pool Global-webservices.landsbanki.is_RB_pool
}
else {
pool Global-webservices.landsbanki.is_A10_pool
}
return
}
elseif { not [[IP::addr [IP::remote_addr]/16 equals 172.27.0.0/16] or [IP::addr [IP::remote_addr]/19 equals 89.104.128.0/19]] } {
drop
}
}
But I always get this error in the /var/log/gtm file:
gtmd[1818]: 011a7001:3: TCL error: Rule Global_Webservice_millinet_irule - invalid command name "1" while executing "[active_members Global-webservices.landsbanki.is_A10_pool] = 0"
and I know that the error comes on the first (bolded above) : [active_members Global-webservices.landsbanki.is_A10_pool] = 0]
Can anyone tell me what is wrong with this ??
I don't understand the error - where is this command name "1" ??
- hoolioCirrostratusHi Arnor,
when DNS_REQUEST { if { [active_members Global-webservices.landsbanki.is_A10_pool] == 0 and [active_members Global-webservices.landsbanki.is_RB_pool] == 0 } { drop } elseif { [IP::addr [IP::remote_addr] equals 89.104.145.0/24] } { if { [active_members Global-webservices.landsbanki.is_A10_pool] >= 1 } { pool Global-webservices.landsbanki.is_A10_pool } else { pool Global-webservices.landsbanki.is_RB_pool } return } elseif { [IP::addr [IP::remote_addr] equals 89.104.148.0/24] } { if { [active_members Global-webservices.landsbanki.is_RB_pool] >= 1 } { pool Global-webservices.landsbanki.is_RB_pool } else { pool Global-webservices.landsbanki.is_A10_pool } return } elseif { not ([IP::addr [IP::remote_addr] equals 172.27.0.0/16] or [IP::addr [IP::remote_addr] equals 89.104.128.0/19]) } { drop } }
- Arnor_ArnasonAltostratusExcellent Aaron, thank you - of course this was the issue - works perfectly now :-)
- hoolioCirrostratusJust remember that square braces are to execute commands and return the value, and parentheses are used for logical grouping :)
- Arnor_ArnasonAltostratusNow I have a new twist on this - and maybe I should open a case for this, but I'll try it here first.
- hoolioCirrostratusCan you post the exact rule you're testing in [ code ] [/ code ] blocks (without the spaces)?
- Arnor_ArnasonAltostratusYes sure,
when DNS_REQUEST { if { [active_members Global-webservices.landsbanki.is_A10_pool] == 0 and [active_members Global-webservices.landsbanki.is_RB_pool] == 0 } { drop } elseif { [IP::addr [IP::remote_addr] equals 89.104.145.0/24] } { if { [active_members Global-webservices.landsbanki.is_A10_pool] >= 1 } { pool Global-webservices.landsbanki.is_A10_pool } else { pool Global-webservices.landsbanki.is_RB_pool } return } elseif { [IP::addr [IP::remote_addr] equals 89.104.148.0/24] } { if { [active_members Global-webservices.landsbanki.is_RB_pool] >= 1 } { pool Global-webservices.landsbanki.is_RB_pool } else { pool Global-webservices.landsbanki.is_A10_pool } return } elseif { not ([IP::addr [IP::remote_addr] equals 172.27.0.0/16] or [IP::addr [IP::remote_addr] equals 89.104.128.0/19]) } { drop } }
- hoolioCirrostratusThis looks like a bug in the GTM iRule parser. Here's a simple way to reproduce it:
when DNS_REQUEST { if { 1 == 1 } { } }
when DNS_REQUEST { if { not [active_members Global-webservices.landsbanki.is_A10_pool] and not [active_members Global-webservices.landsbanki.is_RB_pool] } { drop } elseif { [IP::addr [IP::remote_addr] equals 89.104.145.0/24] } { if { [active_members Global-webservices.landsbanki.is_A10_pool] } { pool Global-webservices.landsbanki.is_A10_pool } else { pool Global-webservices.landsbanki.is_RB_pool } return } elseif { [IP::addr [IP::remote_addr] equals 89.104.148.0/24] } { if { [active_members Global-webservices.landsbanki.is_RB_pool] } { pool Global-webservices.landsbanki.is_RB_pool } else { pool Global-webservices.landsbanki.is_A10_pool } return } elseif { not ([IP::addr [IP::remote_addr] equals 172.27.0.0/16] or [IP::addr [IP::remote_addr] equals 89.104.128.0/19]) } { drop } }
- Arnor_ArnasonAltostratusThanks Aaron, that did the trick.
- hoolioCirrostratus...
- hoolioCirrostratusIf the unit isn't in production, try running 'b load' with the original iRule that generates an error when trying to save via the GUI. Chances are if it errs via the GUI it won't load either. I'd open a case on this sooner than later.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com