For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

CMP v10.0 compatible counters using the session table

Problem this snippet solves:

This simple iRule shows how you can create a CMP-compatible counter. The first portion of the iRule demonstrates creating and incrementing a global counter which is accessible across all virtual servers and all TCP connections. The second portion of the iRule shows a method for creating a VIP-specific global counter. There is no enforcement of access to the VIP-specific global counter but it should prevent accidental trampling of session table entry names. For details on CMP compatibility you can check these resources: https://devcentral.f5.com/wiki/iRules.CMPCompatibility.ashx https://support.f5.com/kb/en-us/solutions/public/7000/700/sol7751.html

Code :

when CLIENT_ACCEPTED {
   set log_prefix "[virtual name] [IP::client_addr]:[TCP::client_port]"
}
when HTTP_REQUEST {

   #######################################################################
   #
   # Global (accessible across all VIPs) counter variable example 
   #   using the session table
   #

   # Look up the counter value. Will return a null string if it doesn't exist
   set value [session lookup uie "my_counter"]
   log local0. "$log_prefix: Global lookup value: $value"

   # Check if the value is null
   if {$value eq ""}{

      # Add a new session table entry with a value of 0
      session add uie "my_counter" 0

   } else {

      # Increment the current value by 1
      session add uie "my_counter" [expr {$value + 1}]
   }
   # Log the updated value
   log local0. "$log_prefix: Global lookup value: [session lookup uie "my_counter"]"

   #######################################################################
   #
   # Local (accessible to only this VIP) counter variable example 
   #   using the session table
   #

   # Save the virtual server name to use as a session table entry prefix
   #  This keeps the variables specific to the virtual server.
   set vip [virtual name]

   # Look up the counter value. Will return a null string if it doesn't exist
   set value [session lookup uie "${vip}_my_counter"]
   log local0. "$log_prefix: Per-vip lookup value: $value"

   # Check if the value is null
   if {$value eq ""}{

      # Add a new session table entry with a value of 0
      session add uie "${vip}_my_counter" 0

   } else {

      # Increment the current value by 1
      session add uie "${vip}_my_counter" [expr {$value + 1}]
   }
   # Log the updated value
   log local0. "$log_prefix: Per-vip lookup value: [session lookup uie "${vip}_my_counter"]"
}

Tested this on version:

10.0
Published Jan 30, 2015
Version 1.0

1 Comment