Sathishkumar123
Oct 15, 2017

Filter TCP payload in iRule

I am new to iRules and am able to write small conditional statements. I have a simple iRule as below:

 

when CLIENT_ACCEPTED {
    TCP::collect
}

when CLIENT_DATA {
    if { [TCP::payload] contains "SomeName/SomeServiceNameHere/" } {
        pool APoolUsedByMyApplication
    }
    # Release the collected data so the connection can proceed
    TCP::release
}

 

I know that my expected data SomeName/SomeServiceNameHere will be in the first 500 bytes of my payload. Is it possible to selectively check the TCP payload? Say, I would like to check from the first 200 bytes to 600 bytes?

 

The rationale behind this is to avoid the time taken to search the complete TCP payload. I believe that if I can predict that the string value I am expecting is within a particular range of the TCP payload, there will be a performance benefit.

 

Thanks for help in advance.

 

1 Reply

  • TCP::collect can specify both the number of bytes to collect, and a number of bytes to skip before collecting

     

    TCP::collect

     

    Collect the specified amount of TCP payload data, after skipping the specified amount. The parameter specifies the minimum number of bytes to collect, and the parameter specifies the number of bytes to skip. The CLIENT_DATA event will be triggered when the data collection is complete, and also when the specified number of bytes have been skipped. In the latter case, there may not be any bytes yet collected (TCP::payload is empty).

     

     

    Please note the additional caveats when using skip_bytes. You may be safer using

     

    TCP::collect
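
A windowed check for the 200 to 600 byte range asked about in the question, as an added example that is not part of the original thread. It collects a fixed number of bytes without skip_bytes and slices the window in Tcl; the assumption is that every client message is at least 600 bytes long.

```tcl
when CLIENT_ACCEPTED {
    # Fire CLIENT_DATA only once at least 600 bytes have arrived.
    # Assumption: clients always send 600+ bytes. A shorter message
    # stays in the collect buffer and is never forwarded.
    TCP::collect 600
}

when CLIENT_DATA {
    # Read only the first 600 bytes, then keep offsets 200..599.
    # The marker must lie entirely inside this window; a string that
    # straddles offset 200 or 599 will not match.
    set window [string range [TCP::payload 600] 200 599]

    if { $window contains "SomeName/SomeServiceNameHere/" } {
        pool APoolUsedByMyApplication
    }
    # No match: the virtual server's default pool handles the connection.

    # Hand the collected bytes back to the normal data path.
    TCP::release
}
```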