cancel
Showing results for 
Search instead for 
Did you mean: 

How to process Client side's TCP Payload after SERVER_CONNECTED?

Affa_1992
Nimbostratus
Nimbostratus

I'm trying to write an iRule to process TCP Payload.

 

I want to rewrite the clientside's first payload after SERVER_CONNECTED event raised.

 

But I log message withing every event, I found the CLIENT_DATA was raised before

 

SERVER_CONNECTED.

 

Does anyone have any ideas to process TCP Payload after SERVER_CONNECTED event?

 

 

Thanks.

 

 

6 REPLIES 6

kpiti_52215
Nimbostratus
Nimbostratus

You should do something in the line:

 

 

when SERVER_CONNECTED { TCP::collect } when SERVER_DATA { TCP::payload replace 0 [TCP::payload length] "Your string" TCP::release }

 

It depends where you started the collect process, if you started it in CLIENT_ACCEPTED event it will collect the client side of data. You might also look into

 

 

serverside { TCP::collect } clientside { TCP::collect }

 

to be more specific where you want the collection to happen

 

kpiti_52215
Nimbostratus
Nimbostratus

I read too fast. If you need to process client data after first server event, you could do

 

 

when SERVER_CONNECTED { clientside {TCP::collect} }

 

Affa_1992
Nimbostratus
Nimbostratus
Thanks for replying.

 

 

I have been tried to write some iRule as the following like:

 

 

when CLIENT_ACCEPTED {

 

snat x.x.x.x

 

}

 

 

when SERVER_CONNECTED {

 

set SNAT_IP [serverside {IP::client_addr}]

 

clientside { TCP::collect }

 

}

 

 

when CLIENT_DATA {

 

TCP::payload replace 0 4 $SNAT_IP

 

TCP::release

 

TCP::collect

 

}

 

 

I found that F5 will receive some tcp payload when CLIENT_ACCEPTED event raised so that

 

I will miss some tcp payload to replace string which I want to change.

 

 

I want to process the *first* tcp payload after SERVER_CONNECTED raised. That means

 

the CLIENT_DATA with first payload raised after SERVER_CONNECTED.

 

 

Does my codes have any wrong?

Affa_1992
Nimbostratus
Nimbostratus
Thanks for replying.

 

 

I have been tried to write some iRule as the following like:

 

 

when CLIENT_ACCEPTED {

 

snat x.x.x.x

 

}

 

 

when SERVER_CONNECTED {

 

set SNAT_IP [serverside {IP::client_addr}]

 

clientside { TCP::collect }

 

}

 

 

when CLIENT_DATA {

 

TCP::payload replace 0 4 $SNAT_IP

 

TCP::release

 

TCP::collect

 

}

 

 

I found that F5 will receive some tcp payload when CLIENT_ACCEPTED event raised so that

 

I will miss some tcp payload to replace string which I want to change.

 

 

I want to process the *first* tcp payload after SERVER_CONNECTED raised. That means

 

the CLIENT_DATA with first payload raised after SERVER_CONNECTED.

 

 

Does my codes have any wrong?

nitass
F5 Employee
F5 Employee
what about this?

 

 

[root@ve10:Active] config b virtual bar80 list virtual bar80 { snat automap pool foo destination 172.28.19.252:80 ip protocol 6 rules myrule } [root@ve10:Active] config b pool foo list pool foo { members 200.200.200.101:80 {} } [root@ve10:Active] config b rule myrule list rule myrule { when CLIENT_ACCEPTED { log local0. "-" } when CLIENT_DATA { log local0. "-" log local0. "[TCP::payload]" log local0. "[LB::server addr]:[LB::server port]" TCP::release TCP::collect } when LB_SELECTED { log local0. "-" TCP::collect } when SERVER_CONNECTED { log local0. "-" TCP::collect } when SERVER_DATA { log local0. "-" log local0. "[TCP::payload]" TCP::release TCP::collect } } [root@ve10:Active] config tail -f /var/log/ltm Jan 14 22:41:17 local/tmm info tmm[4884]: Rule myrule : - Jan 14 22:41:17 local/tmm info tmm[4884]: Rule myrule : - Jan 14 22:41:17 local/tmm info tmm[4884]: Rule myrule : - Jan 14 22:41:17 local/tmm info tmm[4884]: Rule myrule : GET / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.252 Accept: */* Jan 14 22:41:17 local/tmm info tmm[4884]: Rule myrule : 200.200.200.101:80 Jan 14 22:41:17 local/tmm info tmm[4884]: Rule myrule : - Jan 14 22:41:17 local/tmm info tmm[4884]: Rule myrule : - Jan 14 22:41:17 local/tmm info tmm[4884]: Rule myrule : HTTP/1.1 200 OK Date: Mon, 14 Jan 2013 15:06:17 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT ETag: "4183f3-59-f28f94c0" Accept-Ranges: bytes Content-Length: 89 Content-Type: text/html; charset=UTF-8 This is 101 host.

nitass
F5 Employee
F5 Employee
have you seen this article?

 

 

Oracle RAC Connection String Rewrite by Jason

 

https://devcentral.f5.com/tech-tips/articles/oracle-rac-connection-string-rewrite

 

 

hope this helps.