Kirk_Bauer_1018
Oct 31, 2008

TCP stream inspection problem

I'm running version 9.4.5 HF2.

I’m trying to use the following simple iRule to detect active versus passive FTP transfers. Unfortunately as soon as I apply this iRule to the virtual server the client sessions hang. All I get in the log is “client accepted”, so apparently the CLIENT_DATA event never triggers. I have also tried “TCP::collect 4” with no change in behavior.

when CLIENT_ACCEPTED {
    log local0. "client accepted"
    TCP::collect
}

when CLIENT_DATA {
    log local0. "payload [TCP::payload]"
    if { [TCP::payload] starts_with "PASV" } {
        log local0. " ** passive transfer"
    } elseif { [TCP::payload] starts_with "PORT" } {
        log local0. " ** active transfer"
    }
    TCP::release
    TCP::collect
}

Here is the virtual server:

virtual vip_ftp_in {
    mirror enable
    pool pool_ftp
    destination 10.4.1.150:any
    ip protocol tcp
    vlans external enable
    rules ftp_track
    persist source_address_shared
}

Is there some special profile setting required for this?

  • Colin_Walker_12
    Historic F5 Account
    The only reason the CLIENT_DATA event wouldn't fire is if the TCP::collect wasn't collecting the data required. Are you sending data through the connection once it occurs? Typing in a username or password or...something?

    Colin
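
Added example, not part of the original thread and not F5 code: a Python sketch of the active-versus-passive classification the iRule attempts, run offline over constructed control-channel segments. It goes beyond the posted rule by buffering until a full CRLF-terminated command arrives, matching verbs case-insensitively, and including the RFC 2428 verbs EPRT and EPSV. The name FtpModeTracker and the sample data are hypothetical.

```python
# Added example: classify FTP control-channel commands as active or passive.
# Commands are CRLF-terminated lines (RFC 959), so one TCP segment may hold
# part of a command or several commands; buffer until a full line arrives.

ACTIVE = {"PORT", "EPRT"}    # client tells the server where to connect
PASSIVE = {"PASV", "EPSV"}   # client asks the server to listen

class FtpModeTracker:
    """Hypothetical helper: feed client-to-server bytes in arrival order."""

    MAX_LINE = 4096  # bound the buffer if a peer never sends a line ending

    def __init__(self):
        self._buf = b""
        self.events = []  # (mode, verb) tuples in arrival order

    def feed(self, segment: bytes):
        """Return the (mode, verb) events completed by this segment."""
        self._buf += segment
        found = []
        while b"\n" in self._buf:
            line, self._buf = self._buf.split(b"\n", 1)
            # FTP verbs are case-insensitive; arguments follow a space
            verb = line.strip().split(b" ", 1)[0].decode("ascii", "replace").upper()
            if verb in ACTIVE:
                found.append(("active", verb))
            elif verb in PASSIVE:
                found.append(("passive", verb))
        if len(self._buf) > self.MAX_LINE:
            self._buf = b""  # drop an over-long partial line
        self.events.extend(found)
        return found

# Constructed sample: one session, split at awkward segment boundaries
SAMPLE_SEGMENTS = [
    b"USER demo\r\nPA", b"SS secret\r\n",   # command split across segments
    b"pasv\r\nLIST\r\n",                    # lower-case verb, two commands
    b"PO", b"RT 192,0,2,10,195,80\r\n",     # verb itself split in two
    b"EPSV\r\nRETR file.txt\r\n",
]

def classify(segments):
    tracker = FtpModeTracker()
    for seg in segments:
        tracker.feed(seg)
    return tracker.events

if __name__ == "__main__":
    for mode, verb in classify(SAMPLE_SEGMENTS):
        print(f"{verb}: {mode} transfer")
```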