In light of all the "packets you don't want on your F5 anymore" like TLS Heartbeat messages, certain TLS Cipher Suites, certain DNS messages, etc., I have created something I dubbed a "protocol profiler".
It's a longshot, and I'm pretty certain nobody will give it a try, but if you're curious, read on :)
I must warn you, it's not your average iRule-to-go; if you're bold enough to want to see it in action, you'll probably have a hard time setting it up the first time. I've included a rough step-by-step process below.
It's a protocol mapper that allows you to log/drop/reject/... based on any and all fields of any L5/6/7 protocol, without having to attach a protocol profile to the virtual server.
The code is fairly well documented, but definitely not optimized for speed or efficiency, although I did run a full 100Mbit of continuous HTTPS POST connections through it, without crash/block/slowdown on a virtual edition.
It is probably way too complex to ever put in production, but I'm having fun creating it, so if you're an iRule geek, try it out. :D
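For readers who want to see what one check of this kind looks like as a plain iRule before digging into the full profiler, here is an added example. It is not part of the original post and not code from Thomas's protocol profiler; it hand-rolls a single field check (the TLS record content type, to catch Heartbeat records) the way the profiler generalises to any field. It assumes a standard virtual server with only a TCP profile attached (no client SSL profile) and the usual TCP::collect / TCP::release buffering semantics; the log text and the decision to reject rather than drop are the example's own choices.

```tcl
# Added example (not the protocol profiler from the post): inspect TLS record
# headers straight off the TCP stream and reject any connection that sends a
# Heartbeat record (content type 24). Assumed deployment: a standard virtual
# server with a TCP profile only, so the payload is the raw TLS byte stream.

when CLIENT_ACCEPTED {
    # Hold client data until at least one 5-byte TLS record header is buffered.
    TCP::collect 5
}

when CLIENT_DATA {
    set payload [TCP::payload]
    set plen    [string length $payload]
    set offset  0

    # Walk every complete TLS record in the buffered payload. The record header
    # (type, version, length) is never encrypted, so this check keeps working
    # after the handshake as well as before it.
    while { $offset + 5 <= $plen } {
        # TLS record header: 1-byte content type, 2-byte version, 2-byte length.
        binary scan $payload "@${offset}cSS" ctype version rlen
        # binary scan yields signed values; mask them back to unsigned.
        set ctype [expr {$ctype & 0xff}]
        set rlen  [expr {$rlen & 0xffff}]

        if { $offset + 5 + $rlen > $plen } {
            # Partial record: stop here and keep the tail buffered.
            break
        }

        switch -- $ctype {
            20 - 21 - 22 - 23 {
                # ChangeCipherSpec, Alert, Handshake, ApplicationData: allowed.
            }
            24 {
                log local0. "TLS Heartbeat (len $rlen) from [IP::client_addr]:[TCP::client_port] to [IP::local_addr]:[TCP::local_port]; rejecting"
                reject
                return
            }
            default {
                log local0. "Unknown TLS content type $ctype from [IP::client_addr]; rejecting"
                reject
                return
            }
        }
        incr offset [expr {5 + $rlen}]
    }

    # Forward only the complete records that were inspected, then keep
    # collecting so the next CLIENT_DATA starts on a record boundary.
    if { $offset > 0 } {
        TCP::release $offset
    }
    TCP::collect
}
```

Releasing only whole records is what keeps the parser aligned when a record is split across TCP segments; releasing everything and collecting again would make the next CLIENT_DATA start mid-record and misread the content type. Everything this rule does for one field (offset, width, signedness, allowed values, action) is what a generic profiler has to describe per field of the protocol.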
A lot, and nothing at the same time. You can log, drop, reject, create statistics, etc., based on any and all fields of any protocol. Below are a few examples of possible use cases:
Thanks! Jason Rahm asked me to create some sort of design-thingy around the how-to, but I haven't found the time yet.
I like how there are actually people digging into it...
Imagine having a profile that implements the code's functionality... like LTM policies did with a lot of things you used to need an iRule for; this functionality with a GUI would be epic.
I must admit though... I'm pouring it into an iApp that'll allow you to choose the fields on which to take action... experimenting never stops :D
Very impressive work Thomas! A few of us are checking out your code examples.