Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

what's wrong with my syntax in this iRule?

Go to solution
Ken-Dawg
Nimbostratus
Nimbostratus

‎22-Sep-2022 11:40

I want to write and iRule to key on a source IP and log the pre-shared master keys:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
when CLIENTSSL_HANDSHAKE {
log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
}
when SERVERSSL_HANDSHAKE {
log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
}
}

Labels:
0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
Kevin_Stewart
F5 Employee
F5 Employee

‎22-Sep-2022 12:26 - edited ‎22-Sep-2022 12:28

Can't have iRule events nested inside other events.

 

when CLIENTSSL_HANDSHAKE {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

when SERVERSSL_HANDSHAKE {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

 

View solution in original post

Go to solution
Kevin_Stewart
F5 Employee
F5 Employee
In response to Ken-Dawg

‎22-Sep-2022 13:26

Just do this in the server side event to see what the client IP is:

when SERVERSSL_HANDSHAKE {
    log local0. "client IP: [IP::client_addr]"
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
Kevin_Stewart
F5 Employee
F5 Employee

‎22-Sep-2022 12:26 - edited ‎22-Sep-2022 12:28

Can't have iRule events nested inside other events.

 

when CLIENTSSL_HANDSHAKE {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

when SERVERSSL_HANDSHAKE {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

 

Go to solution
Ken-Dawg
Nimbostratus
Nimbostratus
In response to Kevin_Stewart

‎22-Sep-2022 12:43

Thank you so much Kevin, although for my SERVERSSL_HANDSHAKE i think i should use my self IP? Unless the iRule only looks at the cs-client-addr?

0 Kudos

Go to solution
Kevin_Stewart
F5 Employee
F5 Employee
In response to Ken-Dawg

‎22-Sep-2022 12:51

You're saying, if the client source address is 10.10.10.10, log the client side session-id and server side session-id.

[IP::client_addr] is still the client source, even on the server side.

0 Kudos

Go to solution
Ken-Dawg
Nimbostratus
Nimbostratus
In response to Ken-Dawg

‎22-Sep-2022 13:24

I tested it out and the client side worked, however the serverside did not. So i think I'll update the serverside with the self IP and see what i get. Thanks again Kevin!

0 Kudos

Go to solution
Kevin_Stewart
F5 Employee
F5 Employee
In response to Ken-Dawg

‎22-Sep-2022 13:26

Just do this in the server side event to see what the client IP is:

when SERVERSSL_HANDSHAKE {
    log local0. "client IP: [IP::client_addr]"
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}
0 Kudos
Copyright © 2023 Khoros, LLC