For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rubbishking_110's avatar
rubbishking_110
Icon for Nimbostratus rankNimbostratus
Mar 25, 2008

UDP Profile?

Hi All     I have created an iRules just now, however, it is failed when I tried to assigne to a virtual server.     "01070394:3: UDP::payload in rule (FIP_Route) requires an associated UD...
application delivery
dev
devops
iRules
rubbishking_110's avatar
rubbishking_110
Icon for Nimbostratus rankNimbostratus
Mar 27, 2008
Hi

 

 

it seems that the value stored using "session" command cannot reuse in other iRules for other virtual servers unless the golbal variable is defined in RULE_INIT. am I correct?

 

 

below is the coding I am using, I want the other irule that can extract the value in the session table. possible? or do I need to combine two irules into one single irule?

 

 

the irule1 for vserver1 while irule2 for vserver2.

 

 

 

- rk

 

 

irule1: used for virtual server1 (extract the ip address for the payload. payload will use irule2 for decision)

 

 

when RULE_INIT {

 

array set ::msg_types {

 

4 "Accounting-Request"

 

5 "Accounting-Response"

 

255 "Reserved"

 

}

 

array set ::attr_types {

 

8 "Framed-IP-Address"

 

}

 

}

 

 

when CLIENT_ACCEPTED {

 

set client "[IP::client_addr]:[UDP::client_port]"

 

if { [UDP::payload length] > 4 } {

 

binary scan [UDP::payload] c hdr_code

 

Detect the 1st TLV until last

 

log local0. "RADIUS-Type: $::msg_types($hdr_code)($hdr_code) / RADIUS UDP Payload size: [UDP::payload length] bytes"

 

binary scan [UDP::payload] @20a* rest_string

 

while { [string length $rest_string] >4} {

 

binary scan $rest_string cca* attr_id attr_length rest_string

 

scan $attr_length %i length

 

set ff [format "a%da*" [expr {$length} - 2]]

 

switch $attr_id {

 

8 {

 

binary scan $rest_string c4a* IPtmp rest_string

 

set IP {}

 

foreach num $IPtmp {

 

lappend IP [expr ($num + 0x100) % 0x100]

 

}

 

set ::attr_value1 [join $IP .]

 

log local0. "$::attr_types($attr_id)($attr_id): $::attr_value1"

 

if {[IP::addr $::attr_value1 equals 10.11.0.0/255.255.0.0]} {

 

pool MPOOL1

 

log local0. "Pool used for RADIUS Request with Framed-IP-Address <$::attr_value1> from GGSN <$client>."

 

session add uie {$::attr_value1 any virtual} MPOOL1

 

Proved the lookup is working

 

set poolip [session lookup uie {$::attr_value1 any virtual}]

 

log local0. "$poolip"

 

}

 

elseif {[IP::addr $::attr_value1 equals 10.12.0.0/255.255.0.0]} {

 

pool MPOOL2

 

log local0. "Pool used for RADIUS Request with Framed-IP-Address <$::attr_value1> from GGSN <$client>."

 

session add uie {$::attr_value1 any virtual} MPOOL2

 

Proved the lookup is working

 

set poolip [session lookup uie {$::attr_value1 any virtual}]

 

log local0. "$poolip"

 

}

 

 

}

 

default {

 

binary scan $rest_string $ff attr_value rest_string

 

log local0. "attribute id: $::attr_types($attr_id); attribute length: $length; filed value: $attr_value"

 

}

 

}

 

}

 

}

 

}

 

 

 

irule2: used for virtual server 2 (packet with src ip 10.12.1.1 access)

 

when CLIENT_ACCEPTED {

 

set cIP "[IP::client_addr]"

 

set poolname [session lookup uie {$cIP any virtual}]

 

log local0. "fip=$cIP, pool=$poolname"

 

}