For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rubbishking_110's avatar
rubbishking_110
Icon for Nimbostratus rankNimbostratus
Mar 25, 2008

UDP Profile?

Hi All     I have created an iRules just now, however, it is failed when I tried to assigne to a virtual server.     "01070394:3: UDP::payload in rule (FIP_Route) requires an associated UD...
application delivery
dev
devops
iRules
rubbishking_110's avatar
rubbishking_110
Icon for Nimbostratus rankNimbostratus
Mar 27, 2008
Hi all

 

 

it seems that I have "any virtual" in both irules. any idea?

 

 

-rk

 

 

irule1: used for virtual server1 (extract the ip address for the payload. payload will use irule2 for decision)

 

 

when RULE_INIT {

 

array set ::msg_types {

 

4 "Accounting-Request"

 

5 "Accounting-Response"

 

255 "Reserved"

 

}

 

array set ::attr_types {

 

8 "Framed-IP-Address"

 

}

 

}

 

 

when CLIENT_ACCEPTED {

 

set client "[IP::client_addr]:[UDP::client_port]"

 

if { [UDP::payload length] > 4 } {

 

binary scan [UDP::payload] c hdr_code

 

Detect the 1st TLV until last

 

log local0. "RADIUS-Type: $::msg_types($hdr_code)($hdr_code) / RADIUS UDP Payload size: [UDP::payload length] bytes"

 

binary scan [UDP::payload] @20a* rest_string

 

while { [string length $rest_string] >4} {

 

binary scan $rest_string cca* attr_id attr_length rest_string

 

scan $attr_length %i length

 

set ff [format "a%da*" [expr {$length} - 2]]

 

switch $attr_id {

 

8 {

 

binary scan $rest_string c4a* IPtmp rest_string

 

set IP {}

 

foreach num $IPtmp {

 

lappend IP [expr ($num + 0x100) % 0x100]

 

}

 

set ::attr_value1 [join $IP .]

 

log local0. "$::attr_types($attr_id)($attr_id): $::attr_value1"

 

if {[IP::addr $::attr_value1 equals 10.11.0.0/255.255.0.0]} {

 

pool MPOOL1

 

log local0. "Pool used for RADIUS Request with Framed-IP-Address <$::attr_value1> from GGSN <$client>."

 

session add uie {$::attr_value1 any virtual} MPOOL1

 

Proved the lookup is working

 

set poolip [session lookup uie {$::attr_value1 any virtual}]

 

log local0. "$poolip"

 

}

 

elseif {[IP::addr $::attr_value1 equals 10.12.0.0/255.255.0.0]} {

 

pool MPOOL2

 

log local0. "Pool used for RADIUS Request with Framed-IP-Address <$::attr_value1> from GGSN <$client>."

 

session add uie {$::attr_value1 any virtual} MPOOL2

 

Proved the lookup is working

 

set poolip [session lookup uie {$::attr_value1 any virtual}]

 

log local0. "$poolip"

 

}

 

 

}

 

default {

 

binary scan $rest_string $ff attr_value rest_string

 

log local0. "attribute id: $::attr_types($attr_id); attribute length: $length; filed value: $attr_value"

 

}

 

}

 

}

 

}

 

}

 

 

 

irule2: used for virtual server 2 (packet with src ip 10.12.1.1 access)

 

when CLIENT_ACCEPTED {

 

set cIP "[IP::client_addr]"

 

set poolname [session lookup uie {$cIP any virtual}]

 

log local0. "fip=$cIP, pool=$poolname"

 

}