iRule table usage in FLOW_INIT event

Ben_Efrati · ‎04-May-2023

Hi,

According to https://clouddocs.f5.com/api/irules/table.html

table command is valid for all events except RULE_INIT

Valid Events:

I'm trying to use table command in FLOW_INIT event but always get empty value, while at CLIENT_ACCEPTED event the table return non empty value.

when FLOW_INIT {
  set srcip [IP::client_addr]
  set test_ip [table lookup -subtable "blacklist" $srcip] 
  log local0. "$srcip , table value: $test_ip"
}

log is "192.0.0.1 , table value: "

while same code in CLIENT_ACCEPTED event

when CLIENT_ACCEPTED{
  set srcip [IP::client_addr]
  set test_ip [table lookup -subtable "blacklist" $srcip] 
  log local0. "$srcip , table value: $test_ip"
}

log is "192.0.0.1 , table value: block"

Thanks

JRahm · ‎05-May-2023

Hi @Ben_Efrati, I checked the table source file documentation and there is nothing there that leaves out FLOW_INIT, however, I believe that's an oversight given the details on the FLOW_INIT event:

This event is triggered (once for TCP and unique UDP/IP flows) after packet filters, but before any AFM and TMM work occurs. The use cases for this event are:

Override ACL action
Bandwidth control on both client/server flows
Routing to another Vip
Marking qos tos/dscp on both client/server flows

I confirmed in my own local test that I am seeing the same behavior as you. You could open a case to get official confirmation, but I'm pretty confident you'll need to perform your lookups in CLIENT_ACCEPTED or later.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

DevCentral

iRule table usage in FLOW_INIT event

MFA required on DevCentral