Forum Discussion
Drew666
Nimbostratus
NimbostratusWhat am I doing wrong...................???
Hi All,
I'm attempting to test a very simple iRule - basically extracting the incoming destination TCP port and then matching the extracted port to a number of "IF /ELSE IF" statements for a match in order for re-direction to a specific node /TCP port combination - if no matches found then reject:
when HTTP_REQUEST {
set dport [TCP::local_port clientside]
log local0. "Extract TCP port: $dport"
if { ($dport > 5000) and ($dport < 5150) } {
set newlastoctet [ expr $dport - 4900]
log local0. "IP 4th Octet: $newlastoctet"
log local0. "10.100.10.$newlastoctet 443"
node 10.100.10.$newlastoctet 443
} elseif { ($dport == 6000) } {
log local0. "Test point 1: $dport"
node 10.200.50.1 443
} elseif { ($dport == 7000) } {
log local0. "Test point 2: $dport"
node 10.200.20.1 443
} elseif { ($dport == 8000) } {
log local0. "Test point 3: $dport"
node 10.200.30.1 443
} elseif { ($dport == 9000) } {
log local0. "Test point 4: $dport"
node 10.200.40.1 443
}
else {
reject}
log local0. "Reject HTTP"
}
Executing the script:
###############
1) HTTP:// (VIP IP):5100:
#################
The log files displays:
Tue Oct 22 14:10:25 AEDT 2019 info ddltf5201 tmm3[15275] Rule /Common/Test_irule <HTTP_REQUEST>: Extract TCP port: 5100
Tue Oct 22 14:10:25 AEDT 2019 info ddltf5201 tmm3[15275] Rule /Common/Test_irule <HTTP_REQUEST>: IP 4th Octet: 200
Tue Oct 22 14:10:25 AEDT 2019 info ddltf5201 tmm3[15275] Rule /Common/Test_irule <HTTP_REQUEST>: 10.100.10.200 443
Tue Oct 22 14:10:25 AEDT 2019 info ddltf5201 tmm3[15275] Rule /Common/Test_irule <HTTP_REQUEST>: Reject HTTP
OK, so that extract the TCP port and is tested against the first "IF" statements.
(Not sure why the "Reject HTTP" is logged??? - is there an "exit" cmd to escape from the irule once a match is found?
2) HTTP://(VIP IP):6000
#################
The log file displays:
Tue Oct 22 14:24:28 AEDT 2019 warning ddltf5201.asx.com.au mcpd[5933] 01071859 Warning generated : /Common/Test_irule:5: warning: [use curly braces to avoid double substitution][$dport]
Why doesn't it log /print the extracted port?
What exactly does "use curly braces to avoid double substitution" mean? I have tried a number of "syntax" options i.e.
remove the "(" >>> { $dport == 6000 }
replace with "{" >>> { {$dport == 6000} }
I gather I'm doing something basically "stupid" here - but just unable to identify what exactly the issue is?
Any thoughts, pointers & hints would be greatly appreciated.
Thanks in advance.
Cheers
Drew
Drew666Hi Lidev,
Thank you for the curly braces reference - that certainly "fix" the TCL EXPR part of the script with the extra bracket set, which appears to affect the downstream parts before.
The script is basically functioning now - (yipee) except a really weird issue where if TCP port 6000 is used, it won't match nor even log any error messages etc - nothing! If the say 7000 (or anything not in the 6000s range) is used instead, works perfectly. The 7000 substitution proves the script is working but unable at this stage to analyse why "6000" etc will not????
Cheers
Drew
