Forum Discussion

jvuong004_98902's avatar
jvuong004_98902
Icon for Nimbostratus rankNimbostratus
Oct 14, 2011

Stream::Replace Will Not Work

Hopefully someone can help me out and tell me what I'm doing wrong. I currently am trying to append a domain name to an IMAP login name. I am able to do so with a simple regular expression in STREAM::expression (STREAM::expression {:\" \":@doman.com" ":}) but it's not dynamic enough and I was hoping to use some logic in STREAM::match and use STREAM::replace. Unfortunately, I cannot even get the replace line to replace a single character. Below is my sample code:

 

 

when CLIENT_ACCEPTED {

 

STREAM::expression :LOGIN\ .*:

 

STREAM::enable

 

}

 

 

 

 

 

when STREAM_MATCHED {

 

STREAM::replace "$logon $username $pass [STREAM::match]"

 

 

if {[STREAM::match] starts_with "LOGIN"}{

 

log local0. "Replace string conditional: true"

 

 

STREAM::replace "[string map {L G} [STREAM::match]]"

 

}

 

 

 

log local0. "Stream filter matched: [STREAM::match]"

 

}

 

 

 

 

 

 

For whatever reason, it won't replace anything. Once I get the code to do simple replacements, I hope to replace the entire stream with variables that I define. Hopefully someone can point out what I am doing wrong.

 

 

 

 

 

Please note that I am testing this by attempting to log in with an email client attaching to IMAP. I am able to cause failures by replacing with STREAM::expression but, again, any replacement attempts with STREAM::replace will not work. The IMAP packet format is LOGIN "username" "password". So logically, if I replace the letter L with anything else it would fail. Again, I can do it with STREAM::expression but not STREAM::replace.

 

 

 

  • c_p_i_o_17707's avatar
    c_p_i_o_17707
    Historic F5 Account
    I think that you are using the STREAM::expression command incorrectly.

     

    http://devcentral.f5.com/wiki/iRules.STREAM__expression.ashx

     

    Notice the delimiter is the @ sign.

     

     

    Further, I have not seen STREAM::expression be used in CLIENT_ACCEPTED event. Perhaps this does not work? Unfortunately the wiki does not list valid events for these expressions. I'd have to do some research.
  • Thanks for the response. Actually, the delimiter can be set to a number of items. It just depends on what you decide upon. I was using the @ sign at first but since I was appending domain names that have @domain.com it was not parsing out correctly. Please note that the STREAM::expression line does work and does match. I have it logging out and it works just fine. I have alternate code that runs my replacements just fine. Alternate code is below:

     

     

    Behavior of below code:

     

    ----------------------------

     

    Input: LOGIN "username" "password"

     

    Output: LOGIN "username@domain.com" "password"

     

     

    -------------------------

     

     

    when CLIENT_ACCEPTED {

     

    STREAM::expression {:\" \":@domain.com" ":}

     

    STREAM::enable

     

    }

     

     

     

    when STREAM_MATCHED {

     

     

    log local0. "Stream filter matched: [STREAM::match]"

     

    }

     

     

     

     

    ****************************************

     

    Reference Article for using alternate delimiters:

     

    ****************************************

     

     

     

    http://devcentral.f5.com/Tutorials/...sions.aspx

     

     

     

    Quote:

     

     

     

    "The first character in the field () defines the delimiter bounding each field for this replacement, and must not appear anywhere else in the target string. can be any one of the following characters:

     

     

    .*/-:_?=@,&

     

    (period, asterisk, forward slash, dash, colon, underscore, question mark, equals, at, comma, ampersand)"

     

     

     

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Are you getting log entires with the STREAM::match block? The code looks fine, so I'm thinking there is something else afoot here.

     

     

    Colin
  • I am. Which is odd. I am tailing the log and I am getting print outs saying that it is matching but no stream replacement is occuring.

     

     

    Oct 13 22:59:26 tmm tmm[1878]: Rule IMAP_Domain_append.irule : CONDITIONAL HIT

     

    Oct 13 22:59:26 tmm tmm[1878]: Rule IMAP_Domain_append.irule : Stream filter matched: LOGIN "username" "password"

     

    Oct 13 22:59:26 tmm tmm[1878]: 01200004:5: Packet rejected remote IP 147.140.19.81 port 138 local IP 147.140.19.255 port 138 proto UDP: Port closed.

     

     

     

     

  • Hi jvuong004,

    Try moving the STREAM::expression to the HTTP_RESPONSE event since a stream profile replaces things on the response and inside of your STREAM_MATCHED, execute the replacement for each of your stream expressions.

     
    when HTTP_RESPONSE {
    STREAM::expression ":foo:: :bar::"
    STREAM::enable 
    }
    when STREAM_MATCHED {
    log local0. "Stream filter matched: [STREAM::match]"
    STREAM::replace "[string map {"foo" "I replaced foo" "bar" "I replaced bar"} [STREAM::match]]"
    }
    

    Hope this helps.
  • Thanks for the response. Unfortunately I am not using HTTP and using strictly IMAP, so the HTTP_Response event does not work. I tried it anyways and received HTTP profile required error.
  • Does anyone have any other suggestions? I was wondering if there are any known issues with the version that I am using? We are currently on 9.4.7. Everywhere I look my code looks correct. Please let me know if you guys need any more information from me.