20 Lines or Less #58: Spaces, Logging and Info
What could you do with your code in 20 Lines or Less? That's the question I like to ask for the DevCentral community, and every time I go looking I find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.
This week the wondrous bounty that is the iRules forums has been ripe with options for the avid iRules enthusiast. Whether you're looking for simple or complex, there has been plenty to delve into thanks to the killer community and the awesome discussions going on. Today I've got examples of some simple string manipulation used in a clever way to avoid issues in processing logic later down the line, a look at logging a specific piece of information that I've never seen anyone log, but am now shocked that I haven't seen it many times, and even a particular sneak peek at a command that many may not have seen. If that's not enough encouragement to get active in the forums, I don't know what is. In the meantime, though, how about we look at some cool code?
Spaces in the Machine
In this example Yozzer is trying to figure out how to deal with spaces in their URI. More specifically, they are trying to perform a matchclass based on the value of a URI, and that match isn't functioning properly if there is a space in the string. This is a good catch as that could quite easily happen, and I'm impressed that it was caught before the solution got put into production (I'm assuming that part I suppose). It's an easy fix, fortunately. As you can see below, a simple string map can replace every encoded space (%20) in the string with nothing, effectively deleting the spaces and allowing you to match things properly for your matchclass. And before you ask, no, this isn't going to modify the URI for the request, just for the comparison. Keep in mind this would work with any character(s), which makes this a handy tool to have in your back pocket.
when HTTP_REQUEST {
    # log the raw URI, the URI with every %20 removed, and the normalized "id" query value
    log local0. "[HTTP::uri]"
    log local0. "[string map {%20 ""} [HTTP::uri]]"
    log local0. "[string tolower [URI::query [string map {%20 ""} [HTTP::uri]] id]]"
    # match on the normalized copy only; the URI of the request itself is not changed
    if {[matchclass [string tolower [URI::query [string map {%20 ""} [HTTP::uri]] id]] contains $::Portlet_ref]} {
        log local0. "gotcha"
    } else {
        log local0. "not match"
    }
}
Logging SSL Renegotiations
I've seen people logging just about every kind of data you can think of. From concurrent connections to requests per second to protocol specific info to...well, you get the idea. I haven't, however, ever seen anyone specifically trying to log the number of times that the SSL connection has been renegotiated. This is a very cool notion as SSL renegotiation handshakes take place for a number of reasons that you might want to be aware of in your environment. It's a simple chunk of code, but a very handy function that would be a lot harder to implement anywhere else.
when CLIENT_ACCEPTED {
    # initialize TLS/SSL handshake count for this connection
    set sslhandshakecount 0
}

# if you have lower priority iRules on the CLIENTSSL_HANDSHAKE event, you have to make sure, that they don't interfere with this iRule
when CLIENTSSL_HANDSHAKE priority 100 {
    # a handshake just occurred
    incr sslhandshakecount

    # is this the first handshake in this connection?
    if { $sslhandshakecount != 1 } {
        # log (rate limited) the event (to /var/log/tmm)
        log "\[VS [virtual] client [IP::client_addr]:[TCP::client_port]\]: TLS/SSL renegotiation occurred"
    }
}
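An extension of the counter above, added here as an example and not part of the original forum post: each log line carries the renegotiation count and the connection age, and a single syslog warning is written when a connection reaches a per-connection threshold. The threshold value and the names static::reneg_warn_threshold and conn_start are assumptions.

```tcl
# Added example, not from the original post.
# Assumption: 3 renegotiations per connection is unusual for your clients;
# tune static::reneg_warn_threshold to what you actually observe.
when RULE_INIT {
    set static::reneg_warn_threshold 3
}

when CLIENT_ACCEPTED {
    # per-connection state: handshake counter and connection start time
    set sslhandshakecount 0
    set conn_start [clock seconds]
}

when CLIENTSSL_HANDSHAKE priority 100 {
    incr sslhandshakecount

    # the first handshake is the initial negotiation, not a renegotiation
    if { $sslhandshakecount == 1 } { return }

    set renegs [expr { $sslhandshakecount - 1 }]
    set age [expr { [clock seconds] - $conn_start }]
    set who "VS [virtual] client [IP::client_addr]:[TCP::client_port]"

    # every renegotiation: facility-less log, as in the iRule above,
    # so a burst of renegotiations stays rate limited
    log "\[$who\]: TLS/SSL renegotiation #$renegs, connection age ${age}s"

    # exactly once per connection, when the threshold is reached:
    # a warning through syslog that monitoring can alert on
    if { $renegs == $static::reneg_warn_threshold } {
        log local0.warning "\[$who\]: reached $renegs TLS/SSL renegotiations in ${age}s"
    }
}
```

Because the warning fires only on the handshake that reaches the threshold, a client that keeps renegotiating produces one warning per connection rather than one per handshake.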
BIG-IP Hostname via iRule
All right...so this one isn't even really a full iRule, it's just a particular command, but I couldn't help myself. The idea of the 20LoL is to provide you useful chunks of iRules code in less than 21 lines. Even though this isn't a fully functioning iRule, and rather is just a snippet, I think it falls under those guidelines. This is a look at a command that isn't even fully documented in the wiki yet...that's how new it is. Think 11.2 new. The info command allows you to delve into information about the unit processing the iRule itself to retrieve bits that may be useful. In this case, that's the hostname. nitass confirmed for us that this is indeed live and working on his system out in the wild, so I figured I'd give you a peek here. Keep an eye out for more documents and wiki entries on new 11.2 commands of course, but here's your first taste of a simple one.
[info hostname]

aji-lemon:~$ tclsh
% info hostname
aji-lemon
That's it for this week's 20LoL. I'll be back in 2 weeks with more iRules goodness in abbreviated form.