Forum Discussion
AltostratusTCL error: invalid command name "1" on GTM
I have the following irule on my GTM:
when DNS_REQUEST {
if { [[active_members Global-webservices.landsbanki.is_A10_pool] = 0] and [[active_members Global-webservices.landsbanki.is_RB_pool] = 0] } {
drop
}
elseif { [IP::addr [IP::remote_addr]/24 equals 89.104.145.0/24] } {
if { [active_members Global-webservices.landsbanki.is_A10_pool] >= 1 } {
pool Global-webservices.landsbanki.is_A10_pool
}
else {
pool Global-webservices.landsbanki.is_RB_pool
}
return
}
elseif { [IP::addr [IP::remote_addr]/24 equals 89.104.148.0/24] } {
if { [active_members Global-webservices.landsbanki.is_RB_pool] >= 1 } {
pool Global-webservices.landsbanki.is_RB_pool
}
else {
pool Global-webservices.landsbanki.is_A10_pool
}
return
}
elseif { not [[IP::addr [IP::remote_addr]/16 equals 172.27.0.0/16] or [IP::addr [IP::remote_addr]/19 equals 89.104.128.0/19]] } {
drop
}
}
But I always get this error in the /var/log/gtm file:
gtmd[1818]: 011a7001:3: TCL error: Rule Global_Webservice_millinet_irule - invalid command name "1" while executing "[active_members Global-webservices.landsbanki.is_A10_pool] = 0"
and I know that the error comes on the first (bolded above) : [active_members Global-webservices.landsbanki.is_A10_pool] = 0]
Can anyone tell me what is wrong with this ??
I don't understand the error - where is this command name "1" ??
16 Replies
hoolioCirrostratus
Hi Arnor,
The square braces execute the text within as a command and return the value. So if you have [$command1] or [$command2] it will return true or false (0 or 1). If you have [[$command1] or [$command2]] it will try to execute 0 or 1 and return an invalid command error as 0 and 1 aren't valid commands. If you want to do logical grouping, use parentheses instead.
Also, when using the IP::addr command, only put the /subnet on the network--not a host address like IP::remote_addr. Lastly, when checking the result of the active_members command, you should use == to do a numeric comparison not just =.
Can you try this?when DNS_REQUEST { if { [active_members Global-webservices.landsbanki.is_A10_pool] == 0 and [active_members Global-webservices.landsbanki.is_RB_pool] == 0 } { drop } elseif { [IP::addr [IP::remote_addr] equals 89.104.145.0/24] } { if { [active_members Global-webservices.landsbanki.is_A10_pool] >= 1 } { pool Global-webservices.landsbanki.is_A10_pool } else { pool Global-webservices.landsbanki.is_RB_pool } return } elseif { [IP::addr [IP::remote_addr] equals 89.104.148.0/24] } { if { [active_members Global-webservices.landsbanki.is_RB_pool] >= 1 } { pool Global-webservices.landsbanki.is_RB_pool } else { pool Global-webservices.landsbanki.is_A10_pool } return } elseif { not ([IP::addr [IP::remote_addr] equals 172.27.0.0/16] or [IP::addr [IP::remote_addr] equals 89.104.128.0/19]) } { drop } }
Aaron
Arnor_ArnasonExcellent Aaron, thank you - of course this was the issue - works perfectly now :-)
I always get a bit confused with all the braces and parentheses :-(
Thanks,
Arnór- hoolioJust remember that square braces are to execute commands and return the value, and parentheses are used for logical grouping :)
Aaron - Arnor_ArnasonNow I have a new twist on this - and maybe I should open a case for this, but I'll try it here first.
I just upgraded the GTM's from 9.4.8 to 10.2.2 and after that, I am not able to edit this rule (above) through the GUI.
It works fine if I edit it with iRule editor and save it, but when editing it in the GUI and pressing 'update' I get this error:
01070151:3: Rule [Global_Webservice_millinet_irule] error:
line 1: [undefined procedure: ] [{}]
All other irules work fine, but not this one !?
Any ideas ? - hoolioCan you post the exact rule you're testing in [ code ] [/ code ] blocks (without the spaces)?
Aaron - Arnor_ArnasonYes sure,
but actually - it is just a copy of what you wrote above 🙂
Here it is:when DNS_REQUEST { if { [active_members Global-webservices.landsbanki.is_A10_pool] == 0 and [active_members Global-webservices.landsbanki.is_RB_pool] == 0 } { drop } elseif { [IP::addr [IP::remote_addr] equals 89.104.145.0/24] } { if { [active_members Global-webservices.landsbanki.is_A10_pool] >= 1 } { pool Global-webservices.landsbanki.is_A10_pool } else { pool Global-webservices.landsbanki.is_RB_pool } return } elseif { [IP::addr [IP::remote_addr] equals 89.104.148.0/24] } { if { [active_members Global-webservices.landsbanki.is_RB_pool] >= 1 } { pool Global-webservices.landsbanki.is_RB_pool } else { pool Global-webservices.landsbanki.is_A10_pool } return } elseif { not ([IP::addr [IP::remote_addr] equals 172.27.0.0/16] or [IP::addr [IP::remote_addr] equals 89.104.128.0/19]) } { drop } } - hoolioThis looks like a bug in the GTM iRule parser. Here's a simple way to reproduce it:
when DNS_REQUEST { if { 1 == 1 } { } }
Here's a workaround:when DNS_REQUEST { if { not [active_members Global-webservices.landsbanki.is_A10_pool] and not [active_members Global-webservices.landsbanki.is_RB_pool] } { drop } elseif { [IP::addr [IP::remote_addr] equals 89.104.145.0/24] } { if { [active_members Global-webservices.landsbanki.is_A10_pool] } { pool Global-webservices.landsbanki.is_A10_pool } else { pool Global-webservices.landsbanki.is_RB_pool } return } elseif { [IP::addr [IP::remote_addr] equals 89.104.148.0/24] } { if { [active_members Global-webservices.landsbanki.is_RB_pool] } { pool Global-webservices.landsbanki.is_RB_pool } else { pool Global-webservices.landsbanki.is_A10_pool } return } elseif { not ([IP::addr [IP::remote_addr] equals 172.27.0.0/16] or [IP::addr [IP::remote_addr] equals 89.104.128.0/19]) } { drop } }
You could open a case with F5 Support to have them look into the issue. It might be fixed already in the current v11 beta as I believe there has been a lot of work done on GTM iRules in the upcoming version.
Aaron - Arnor_ArnasonThanks Aaron, that did the trick.
I'll wait with opening a case, I always use the iRule editor anyways....
Arnór
