what's wrong with my syntax in this iRule?

Question

I want to write and iRule to key on a source IP and log the pre-shared master keys:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
when CLIENTSSL_HANDSHAKE {
log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
}
when SERVERSSL_HANDSHAKE {
log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
}
}

kevin_stewart · Accepted Answer

Can't have iRule events nested inside other events.
&nbsp;
when CLIENTSSL_HANDSHAKE {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

when SERVERSSL_HANDSHAKE {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}
&nbsp;

ken-dawg · Answer

Thank you so much Kevin, although for my SERVERSSL_HANDSHAKE i think i should use my self IP? Unless the iRule only looks at the cs-client-addr?

kevin_stewart · Answer

You're saying, if the client source address is 10.10.10.10, log the client side session-id and server side session-id.
[IP::client_addr] is still the client source, even on the server side.

ken-dawg · Answer

I tested it out and the client side worked, however the serverside did not. So i think I'll update the serverside with the self IP and see what i get. Thanks again Kevin!

Forum Discussion

what's wrong with my syntax in this iRule?

5 Replies

Recent Discussions

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Related Content

What is WAAP?

What is CWE?

CVE: Who, What, Where, and When

What's Your Mission?

Use BIG-IP LTM Virtual Server & iRule for an internal "What's My IP" website