For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_18457's avatar
Chris_18457
Icon for Cirrus rankCirrus
Jan 02, 2013

TCP::close, connection clean up

In the iRule I am writing, I have a condition where if too many errors are seen from the client, I want to error back to them and close out of TCP connection using the TCP::close command. Currently,...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jan 03, 2013
in my lab, bigip sends FIN on both sides (client and server side). it is shown at line (1) and (2) in tcpdump when using TCP::close command below. 

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:23
   ip protocol 6
   rules myrule
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:23 {}
}
[root@ve10:Active] config  b self 200.200.200.10 list
self 200.200.200.10 {
   netmask 255.255.255.0
   vlan internal
   allow default
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
        TCP::collect 1 0
}
when CLIENT_DATA {
        if { [TCP::payload] eq "z" } {
                TCP::close
                return
        }
        TCP::release
        TCP::collect
}
}

 tcpdump when exiting normally (exit command)

14:56:09.431776 IP 200.200.200.101.23 > 200.200.200.10.60462: FP 216:230(14) ack 81 win 46
14:56:09.431792 IP 200.200.200.10.60462 > 200.200.200.101.23: . ack 231 win 4609
14:56:09.431798 IP 172.28.19.252.23 > 192.168.206.33.60462: FP 216:230(14) ack 81 win 3860
14:56:09.433824 IP 192.168.206.33.60462 > 172.28.19.252.23: . ack 231 win 259
14:56:09.434854 IP 192.168.206.33.60462 > 172.28.19.252.23: F 81:81(0) ack 231 win 259
14:56:09.434868 IP 172.28.19.252.23 > 192.168.206.33.60462: . ack 82 win 3860
14:56:09.434872 IP 200.200.200.10.60462 > 200.200.200.101.23: F 81:81(0) ack 231 win 4609
14:56:09.435837 IP 200.200.200.101.23 > 200.200.200.10.60462: . ack 82 win 46

 tcpdump when using TCP::close (press z)

(1) 14:56:49.971766 IP 200.200.200.10.60464 > 200.200.200.101.23: F 75:75(0) ack 210 win 4589
(2) 14:56:49.971773 IP 172.28.19.252.23 > 192.168.206.33.60464: F 210:210(0) ack 76 win 3855
14:56:49.972820 IP 200.200.200.101.23 > 200.200.200.10.60464: F 210:210(0) ack 76 win 46
14:56:49.972838 IP 200.200.200.10.60464 > 200.200.200.101.23: . ack 211 win 4589
14:56:49.973879 IP 192.168.206.33.60464 > 172.28.19.252.23: . ack 211 win 260
14:56:49.973889 IP 192.168.206.33.60464 > 172.28.19.252.23: F 76:76(0) ack 211 win 260
14:56:49.973899 IP 172.28.19.252.23 > 192.168.206.33.60464: . ack 77 win 3855