this is TCP::collect version. i did not test it in v10 but i think it could be okay.
this version is also applied to CEA; anyway, i have not found command to silently drop CCA message.
root@ve1100(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
when SERVER_CONNECTED {
TCP::collect
}
when SERVER_DATA {
binary scan [TCP::payload] II a b
set comcode [expr {$b & 0xffffff}]
set mlen [expr {$a & 0xffffff}]
set rflag [expr {($b >> 31)&1}]
if { !($rflag) } {
switch $comcode {
280 -
282 { }
default {
set index 20
while {$index < $mlen} {
binary scan [TCP::payload $mlen] @${index}II avp_code avp_len
set avp_len [expr {$avp_len & 0xffffff}]
set avp_len_pad [expr {(($avp_len + 3)/4)*4}]
if {$avp_code == 268} {
binary scan [TCP::payload $mlen] @[expr {$index + 8}]I result
break
}
incr index $avp_len_pad
}
if {$result == 4011} {
reject
return
}
}
}
}
TCP::release
TCP::collect
}
}