I have a situation where I have an iRule that works once the user is using the HTTP protocol. Unfortunately, the same VIP handles a proprietary protocol from Oracle called T3. To use the iRule I need an HTTP profile but that will break the T3 users. My idea is the parse the TCP and determine if the request is HTTPIf it is HTTP, add an HTTP profile and my iRule to the VIP dynamically I would like some help. I know the a TCP header is 20 bytes and HTTP starts with the method GET or POST. So I am guessing that I have to 'scan' the tcp payload for a GET (for example) and if it starts with that, apply the http profile and then the iRule. Thanks for your help and/or guidance in advance!

Forum Discussion

Cirrus

Mar 03, 2019

Solved

TCP iRule to find HTTP headers

I have a situation where I have an iRule that works once the user is using the HTTP protocol. Unfortunately, the same VIP handles a proprietary protocol from Oracle called T3. To use the iRule I need an HTTP profile but that will break the T3 users.

My idea is the parse the TCP and determine if the request is HTTP
If it is HTTP, add an HTTP profile and my iRule to the VIP dynamically

I would like some help. I know the a TCP header is 20 bytes and HTTP starts with the method GET or POST. So I am guessing that I have to 'scan' the tcp payload for a GET (for example) and if it starts with that, apply the http profile and then the iRule.

Thanks for your help and/or guidance in advance!

I think you could limit the iRule to this:

when CLIENT_ACCEPTED {
    HTTP::disable
    TCP::collect 4
}

when CLIENT_DATA {
    if { [TCP::payload 4] contains "GET" } {
        HTTP::enable
    }
    TCP::release
}

when HTTP_REQUEST {
    my irule
}

when HTTP_RESPONSE {
    my irule
}

I'll expect the HTTP_REQUEST and HTTP_RESPONSE events will not be triggered when the HTTP profile is disabled.

5 Replies

ottleydamian
Cirrus
Mar 03, 2019
My first thoughts are something like this: (the HTTP profile will be configured on the VIP)

` when CLIENT_ACCEPTED { TCP::collect 4 } `

` when CLIENT_DATA { if { ([TCP::payload 4] contains "GET") || ([TCP::payload 4] contains "POST") } { HTTP::enable How to add the iRule??? } else { HTTP::disable How to remove the iRule??? } TCP::release } `

ottleydamian

Cirrus

Mar 03, 2019

Another thought I had was disabling and enabling events so I can have 1 iRule: (I haven't tested it in production yet but my preliminary test suggest that it should work)

when CLIENT_ACCEPTED {
  TCP::collect 4
}
when CLIENT_DATA {

log local0. "Before GET"

  if { [TCP::payload 4] contains "GET" } {
     HTTP::enable
     event HTTP_REQUEST enable
     event HTTP_RESPONSE enable
     rule Levi-Test

log local0. "After GET"  
     if { [PROFILE::exists http] == 1 }{
     log local0. "HTTP profile was added"
     }
    } else {
    HTTP::disable
    event HTTP_REQUEST disable
    event HTTP_RESPONSE disable
    rule none
    log local0. "HTTP profile was removed..."
}
 TCP::release
}
when HTTP_REQUEST {
my irule
}
when HTTP_RESPONSE {
my irule
}

Niels_van_Sluis

MVP

Mar 03, 2019

I think you could limit the iRule to this:

when CLIENT_ACCEPTED {
    HTTP::disable
    TCP::collect 4
}

when CLIENT_DATA {
    if { [TCP::payload 4] contains "GET" } {
        HTTP::enable
    }
    TCP::release
}

when HTTP_REQUEST {
    my irule
}

when HTTP_RESPONSE {
    my irule
}

I'll expect the HTTP_REQUEST and HTTP_RESPONSE events will not be triggered when the HTTP profile is disabled.

JRahm
Admin
Mar 05, 2019
lgtm, only change I'd make is to assure all the request methods supported by your http app are accounted for in your conditional.
ottleydamian
Cirrus
Mar 05, 2019
Thanks,

My iRule has both GET and POST.

if { ([TCP::payload 4] contains "GET") || ([TCP::payload 4] contains "POST") } {

Thanks guys for all your great help (Niels van Sluis & Jason Rahm). I'm very positive that this will work once I get to implement it.