Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Another Binary Scan Question - Parsing Binary Flag Fields

Hi All On an LTM only license (so no DNS:: objects which would be much easier I agree, but $$$) I'm trying to parse flag field values out of a DNS UDP Message packet. The packet layout and what I've been trying is below

`#      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5`
`#    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+`
`#    |                      ID                       | bytes = 0 1`
`#    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+`
`#    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   | bytes = 2 3`
`#    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+`

This gives you the first two bytes and I convert to decimal just fine:
binary scan [ string range [UDP::payload] 0 1 ] S sTranIDbytes
set queryid [expr {$sTranIDbytes & 0x00ff}]

The next two bytes are where I am having troubles.  My latest attempt is
binary scan [ string range [UDP::payload] 2 3 ] b1b4b1b1b1b1b3b4 qr opcode aa tc rd ra z rcode
log local0.info "qr=[expr {$qr & 0xf}] opcode=[expr {$opcode & 0xf}] aa=[expr {$aa & 0xf}] tc=[expr {$tc & 0xf}] rd=[expr {$rd & 0xf}] ra=[expr {$ra & 0xf}] z=[expr {$z & 0xff}] rcode=[expr {$rcode & 0xff}]"

which I thought would give me what I needed, but doesn't seem to work.  I get log errors that variables aren't set (like $aa) which tells me that my parsing isn't set correctly.  I can successfully get the hex value for the whole two bytes so i know I'm looking at the right data.  It's just the binary scan formatting that's giving me grief.  I've looked at several examples including the iRules 101 articles, but they seem to only address whole byte examples.  Any thoughts, examples, or direction would be appreciated.
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

you can find this irule which decode dns question and encode answer.

First extract flags to bits string

binary scan [UDP::payload] SB16SSSSH* ID REQUEST_FLAGS QDCOUNT ANCOUNT NSCOUNT ARCOUNT RESOURCES

then extract bits from flags

set bit7 [string index $REQUEST_FLAGS 7]

I had the same question and it seems that b option in binary scan read the last bit of the whole byte.

0
Comments on this Answer
Comment made 08-Feb-2018 by Jon Macy 68

Worked great! Thanks

0