Forum Discussion

s3s1277_111291
Jan 18, 2013

ftp iRule question

I've used this to capture the FTP username from the TCP payload.


https://devcentral.f5.com/wiki/iRul...gging.ashx


However, is there a way to match the captured username against a datagroup that contains a list of usernames, and decide to route to pool xyz? The datagroup type string in v10 takes a string and a value, while I have a list of usernames only. And can I put that in the CLIENT_DATA event within the same iRule? It doesn't seem to work for me.


2 Replies

  • I do not think you can use the FTP Session Logging codeshare as a template, because the 1st SERVER_DATA happens before the 1st CLIENT_DATA.

    e.g.

    [root@ve10:Active] config # b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.252:21
       ip protocol 6
       rules myrule
       profiles {
          ftp {}
          tcp {}
       }
    }
    [root@ve10:Active] config # b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
          log local0. "-"
          TCP::collect 0 0
       }
       when CLIENT_DATA {
          log local0. "-"
          log local0. [TCP::payload]
          TCP::release
          TCP::collect
       }
       when SERVER_CONNECTED {
          log local0. "-"
          TCP::collect
       }
       when SERVER_DATA {
          log local0. "-"
          log local0. [TCP::payload]
          TCP::release
          TCP::collect
       }
    }
    
    [root@ve10:Active] config # tail -f /var/log/ltm
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : 220 (vsFTPd 2.0.5)
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : AUTH GSSAPI
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : 530 Please login with USER and PASS.
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : AUTH KERBEROS_V4
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:48 local/tmm info tmm[4884]: Rule myrule : 530 Please login with USER and PASS.
    Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : USER anonymous
    Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : 331 Please specify the password.
    Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : PASS
    Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : -
    Jan 19 16:27:50 local/tmm info tmm[4884]: Rule myrule : 230 Login successful.
    

    Instead, I think you should use FTP Proxy v10 to proxy the client connection until the username has been received.

    FTP Proxy v10 by Bhattman

    https://devcentral.f5.com/wiki/irules.FTP-Proxy.ashx

    e.g.

    [root@ve10:Active] config # b virtual bar list
    virtual bar {
       snat automap
       destination 172.28.19.252:21
       ip protocol 6
       rules myrule
       profiles {
          ftp {}
          tcp {}
       }
    }
    [root@ve10:Active] config # b pool foo1 list
    pool foo1 {
       members 200.200.200.101:21 {}
    }
    [root@ve10:Active] config # b pool foo2 list
    pool foo2 {
       members 200.200.200.111:21 {}
    }
    [root@ve10:Active] config # b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
          log local0. "-"
          # no default pool on the virtual: greet the client ourselves
          # and hold its data until USER has been seen
          log local0. "220\r\n"
          TCP::respond "220\r\n"
          TCP::collect
       }
       when CLIENT_DATA {
          log local0. "-"
          log local0. [TCP::payload]
          if { [TCP::payload] starts_with "USER" } {
             scan [TCP::payload] {USER%s} cuser
             switch $cuser {
                "garfield" { pool foo1 }
                default { pool foo2 }
             }
             # drop the USER line here; it is replayed to the server in SERVER_DATA
             TCP::payload replace 0 [string length [TCP::payload]] ""
             TCP::release
             return
          }
          # anything sent before USER (AUTH etc.) is answered locally
          TCP::payload replace 0 [string length [TCP::payload]] ""
          log local0. "530 Please login with USER and PASS.\r\n"
          TCP::respond "530 Please login with USER and PASS.\r\n"
       }
       when SERVER_CONNECTED {
          log local0. "-"
          # the original post had [TCP::release] in place of [TCP::remote_port]
          # in this log line; the log output below (server ...:0) came from that version
          log local0. "client [IP::client_addr]:[TCP::client_port] server [IP::remote_addr]:[TCP::remote_port]"
          TCP::collect
       }
       when SERVER_DATA {
          log local0. "-"
          log local0. [TCP::payload]
          if { [TCP::payload] starts_with "220" } {
             # swallow the real banner (the client already got ours) and log in
             TCP::respond "USER $cuser\r\n"
             TCP::payload replace 0 [string length [TCP::payload]] ""
          }
          TCP::release
       }
    }
    
    anonymous:
    
    [root@centos251 ~]# ftp 172.28.19.252
    Connected to 172.28.19.252.
    220
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (172.28.19.252:root): anonymous
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (172,28,19,252,122,137)
    150 Here comes the directory listing.
    drwxr-xr-x    2 0        0            4096 May 30  2011 pub
    226 Directory send OK.
    
    [root@ve10:Active] config # tail -f /var/log/ltm
    Jan 19 17:14:52 local/tmm info tmm[4884]: Rule myrule : client 172.28.19.251:44457 server 200.200.200.111:0
    
    garfield:
    
    [root@centos251 ~]# ftp 172.28.19.252
    Connected to 172.28.19.252.
    220
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (172.28.19.252:root): garfield
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (172,28,19,252,193,201)
    150 Here comes the directory listing.
    226 Directory send OK.
    
    [root@ve10:Active] config # tail -f /var/log/ltm
    Jan 19 17:15:35 local/tmm info tmm[4884]: Rule myrule : client 172.28.19.251:44459 server 200.200.200.101:0
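As an added example (my code, not the poster's rule and not the FTP Proxy codeshare), here is the reply's delayed-binding pattern combined with the data group lookup the original question asked about. Everything named beyond pools foo1 and foo2 is an assumption: a string data group called ftp_users_dg whose keys are the usernames (in v10 the value of a string data group entry can be left empty, and `class match ... equals` compares the key only), a virtual with no default pool, and BIG-IP v10 or later for the `class` command. It goes beyond the reply's rule in ways a practitioner would want: FTP verbs are matched case-insensitively, a USER line split across segments or pipelined with PASS is handled, a multi-line `220-` banner is waited for, a server that answers with something other than 220 is passed through, and the client payload is never logged (the first rule in the reply logs it with `log local0. [TCP::payload]`, which writes the PASS line, i.e. the cleartext password, into /var/log/ltm).

```tcl
# Added example, not code from the original post or the FTP Proxy codeshare.
# Assumed: string data group ftp_users_dg (keys = usernames, values unused),
# pools foo1 (users in the data group) and foo2 (everyone else), no default
# pool on the virtual, BIG-IP v10+ for the "class" command.
when CLIENT_ACCEPTED {
    set state "need_user"   ;# need_user -> wait_banner -> passthrough
    set cuser ""
    set cbuf  ""            ;# client bytes held back until the server is ready
    set sbuf  ""            ;# server banner accumulated until complete
    # No server yet, so speak for it: greet the client and hold its data.
    TCP::respond "220 FTP service ready\r\n"
    TCP::collect
}

when CLIENT_DATA {
    # Move everything the client sent into our own buffer. Nothing is
    # forwarded automatically, and it is never logged (PASS carries the password).
    append cbuf [TCP::payload]
    TCP::payload replace 0 [TCP::payload length] ""
    if { $state eq "wait_banner" } {
        # Pool already chosen; keep holding (e.g. a pipelined PASS) so it
        # reaches the server only after our USER line does.
        return
    }
    # Process complete CRLF-terminated lines; a partial line waits for more.
    while { [set nl [string first "\r\n" $cbuf]] != -1 } {
        set line [string trim [string range $cbuf 0 [expr {$nl - 1}]]]
        set cbuf [string range $cbuf [expr {$nl + 2}] end]
        set verb [string toupper [lindex [split $line] 0]]
        if { $verb ne "USER" } {
            # AUTH, FEAT, etc. before login: answer as a server would.
            TCP::respond "530 Please login with USER and PASS.\r\n"
            continue
        }
        set cuser [string trim [string range $line 4 end]]
        if { $cuser eq "" } {
            TCP::respond "501 Syntax error in parameters or arguments.\r\n"
            continue
        }
        # The routing decision: key lookup in the data group, case-sensitive.
        if { [class match $cuser equals ftp_users_dg] } {
            set chosen "foo1"
        } else {
            set chosen "foo2"
        }
        pool $chosen
        log local0. "ftp user '$cuser' from [IP::client_addr] -> pool $chosen"
        set state "wait_banner"
        # Release so LTM opens the server side, then collect again at once so
        # anything else the client sends stays parked in cbuf until SERVER_DATA.
        TCP::release
        TCP::collect
        return
    }
}

when SERVER_CONNECTED {
    TCP::collect
}

when SERVER_DATA {
    if { $state ne "wait_banner" } {
        TCP::release
        return
    }
    append sbuf [TCP::payload]
    TCP::payload replace 0 [TCP::payload length] ""
    if { [string length $sbuf] < 3 } {
        return
    }
    if { ![string match "220*" $sbuf] } {
        # Server refused (e.g. 421): hand its reply to the client unchanged.
        TCP::payload replace 0 0 $sbuf
        set state "passthrough"
        TCP::release
        clientside { TCP::release }
        return
    }
    # A multi-line banner uses "220-" lines and ends with a "220 " line.
    if { ![regexp -line {^220 [^\r\n]*\r\n} $sbuf] } {
        return
    }
    # Drop the real banner (the client already got ours), log in as the user
    # we learned, then flush whatever the client sent in the meantime.
    TCP::respond "USER $cuser\r\n$cbuf"
    set cbuf  ""
    set sbuf  ""
    set state "passthrough"
    TCP::release
    clientside { TCP::release }
}
```

Attach it in place of myrule on the virtual shown in the reply. Only usernames are keys in the data group, so a user with no entry goes to foo2, and a USER command without an argument is answered with 501 rather than being looked up as an empty key. `class match ... equals` is an exact, case-sensitive comparison, which is what you want for Unix account names; the verb check, by contrast, is case-insensitive because FTP clients may send `user` in lowercase.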