Forum Discussion

Altocumulus

Mar 19, 2013

weird iRule behaviour UDP/TCP profiles data leak?

Hi guys, I just noticed something weird. Here are the steps to reproduce this. My version is v11.2.1-HF4. 1) create a standard virtual server on a 'normal' IP, say for port 80...

Employee

Mar 19, 2013

i do not think it is data leakage.

this is mine.

[root@ve10:Active] config  b rule myrule list
rule myrule {
   when RULE_INIT {
   set static::cmd "UDP::client_port"
}
when CLIENT_ACCEPTED {
   log local0. "\[IP::client_addr\]:\[TCP::client_port\] [IP::client_addr]:[TCP::client_port]"
   log local0. "\[IP::client_addr\]:\[eval $static::cmd\] [IP::client_addr]:[eval $static::cmd]"
}
}

[root@ve10:Active] config  tail -f /var/log/ltm
Mar 20 11:49:00 local/tmm info tmm[4950]: Rule myrule : [IP::client_addr]:[TCP::client_port] 172.28.19.251:44396
Mar 20 11:49:00 local/tmm info tmm[4950]: Rule myrule : [IP::client_addr]:[eval UDP::client_port] 172.28.19.251:44396

how would I be able to detect if a TCP or UDP profile is used on the virtual server, using the iRule (this was the goal...)instead of checking virtual server's profile, may we check from client traffic by using IP::protocol?

IP::protocol wiki

https://devcentral.f5.com/wiki/irules.IP__protocol.ashx

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)