

Questions and Answers


I've been working on an iRule to open a sideband connection to a web server to submit a username and password via a GET, then receive response data.  Although, it seems that the data received is limited to 933 bytes.  Doing a packet capture on the virtual server that the sideband connection hits shows the full payload returning through the virtual server, but the variable set through the sideband consistently contains only 933 bytes.

 

Is there an unpublished limit of some kind for sideband connections?

 

Thanks

 


6 Answer(s):

Hi Richard,

No, there's no hardcoded limits to the amount of data that can be transmitted over a sideband connection. Can you capture a tcpdump of the LTM to sideband destination host and see which side is closing/resetting the connection?

If you want help reviewing the iRule, could you post an anonymized copy of it?

Thanks, Aaron

Hey Aaron,

 

Thanks for responding.

 

When I do a capture, I see the entire payload being returned through the virtual server that the sideband connection uses.  Although, the variable that gets set from the recv command only contains the first 933 bytes, consistently.  Specifically, the response data contains a Location header of about 2000 bytes.  The variable that recv sets only contains about half of the Location header data.  None of the other headers are contained in the variable either.

 

Below is some code I've been testing with.  I lifted almost all of it from your Sideband example iRule.  Unfortunately, the response data is lacking a Content-Length header, so I'm trying to get that changed in the server side code.  In the meantime, I'm trying to pull different data chunk sizes by specifying the bytes, but no go.

 

In the logs, you'll notice that recv_data2 contains a few more bytes than the peek output - 20 bytes to be exact - same number of bytes as "HTTP/1.1 201 Created", which becomes recv_data1.  So both the peek and recv are both returning 933 bytes (URI has been trimmed, so output below isn't exactly 933 bytes).  You can see that I upped the number of iterations through the loop, as well as the peek timeout.  Every iteration through the for loop still shows exactly the same data in the peek output.

 

    if {[catch {connect -timeout 1000 -idle 300 -status conn_status virtual_server_name} conn] == 0 && $conn ne ""}{
      set conn_info [connect info -idle -status $conn]
      set send_info [send -timeout 3000 -status send_status $conn $send_str]

      set start [clock clicks -milliseconds]
      for {set i 0} {$i <= 100} {incr i} {
        set recv_data [recv -peek -status peek_status -timeout 100 5000 $conn]
        log local0. "Peek: $recv_data"
      }
      set recv_data1 [recv -eol -timeout 5000 -status recv_info $conn]
      set recv_data2 [recv -eol -timeout 5000 -status recv_info $conn]
      set recv_data3 [recv -eol -timeout 5000 -status recv_info 1000 $conn]
      set recv_data4 [recv -eol -timeout 5000 -status recv_info 2000 $conn]

      log local0. "Recv1: $recv_data1"
      log local0. "Recv2: $recv_data2"
      log local0. "Recv3: $recv_data3"
      log local0. "Recv4: $recv_data4"
    }

 

Log:

 

Peek: HTTP/1.1 201 Created  Location: https://1.2.3.

Recv1: HTTP/1.1 201 Created

Recv2:  Location: https://1.2.3.

Recv3:

Recv4:
 

Thanks

 

Richard

 

This is mine. I am running 11.3.0.

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# list ltm virtual bar80
ltm virtual bar80 {
    destination 172.28.20.14:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    vlans-disabled
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# list ltm rule myrule
ltm rule myrule {
    when CLIENT_ACCEPTED {
  if {[catch {connect -timeout 1000 -idle 300 -status conn_status 200.200.200.111:80} conn] == 0 && $conn ne ""}{
      set conn_info [connect info -idle -status $conn]
      set send_info [send -timeout 3000 -status send_status $conn "GET /test.html HTTP/1.0\r\n\r\n"]

      set start [clock clicks -milliseconds]
      for {set i 0} {$i <= 10} {incr i} {
        set recv_data [recv -peek -status peek_status -timeout 100 5000 $conn]
        log local0. "Peek: [string length $recv_data]"
      }
      set recv_data1 [recv -eol -timeout 5000 -status recv_info $conn]
      set recv_data2 [recv -eol -timeout 5000 -status recv_info $conn]
      set recv_data3 [recv -eol -timeout 5000 -status recv_info 1000 $conn]
      set recv_data4 [recv -eol -timeout 5000 -status recv_info 2000 $conn]

      log local0. "Recv1: [string length $recv_data1]"
      log local0. "Recv2: [string length $recv_data2]"
      log local0. "Recv3: [string length $recv_data3]"
      log local0. "Recv4: [string length $recv_data4]"
  }
  TCP::respond OK
}
}

[root@ve11a:Active:Changes Pending] config # tail -f /var/log/ltm
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Peek: 2284
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Recv1: 16
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Recv2: 2268
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Recv3: 0
Jan 26 15:08:12 ve11a info tmm[11170]: Rule /Common/myrule <CLIENT_ACCEPTED>: Recv4: 0

Thanks for the reply, nitass.

 

I did some more investigation into what I'm seeing.  I have replicated your results with the [string length $recv_data1], but it turns out it's actually when printing the contents of $recv_data1 that my issue appears.

 

I modified your iRule as such:

 

      log local0. "Recv1: [string length $recv_data1]"
      log local0. "Recv1: $recv_data1"
      log local0. "Recv2: [string length $recv_data2]"
      log local0. "Recv2: $recv_data2"
 

This is what I get in the logs.  Notice the second "Recv2" line.  If you count up the bytes actually printed by the '      log local0. "Recv2: $recv_data2"' statement, you'll see it's only 933 bytes of data.  Recv2 includes all of the 'a' characters, btw.  So the [string length $recv_data2] lists the correct number of bytes returned by the sideband recv statement, but printing the variable only gives 933 bytes....

 

Feb  5 11:17:38 bigip11sysb info tmm[8422]: Rule /Common/amex_irule : Peek: 1518
Feb  5 11:17:39 bigip11sysb info tmm[8422]: Rule /Common/amex_irule : Peek: 1518
Feb  5 11:17:44 bigip11sysb info tmm[8422]: Rule /Common/amex_irule : Recv1: 16
Feb  5 11:17:44 bigip11sysb info tmm[8422]: Rule /Common/amex_irule : Recv1: HTTP/1.1 200 OK
Feb  5 11:17:44 bigip11sysb info tmm[8422]: Rule /Common/amex_irule : Recv2: 1502
Feb  5 11:17:44 bigip11sysb info tmm[8422]: Rule /Common/amex_irule : Recv2:  Date: Mon, 01 Jan 2007 09:12:49 GMT  Server: Apache/2.2.22 (FreeBSD) PHP/5.4.4 mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2  Last-Modified: Mon, 01 Jan 2007 09:08:49 GMT  ETag: "9e7c76-4d2-425f6f62a6a40"  Accept-Ranges: bytes  Content-Length: 1234  Content-Type: text/html    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 

Hi Richard,

Logging locally via syslog-ng you're limited to ~1000 bytes. If you want to log longer messages, you can set up a remote syslog server and use HSL to send the messages remotely. HSL is a best practice to use if you're going to log high volumes of messages as well.

HSL:
https://devcentral.f5.com/wiki/iRules.hsl.ashx

log command limitation:
https://devcentral.f5.com/wiki/iRules.log.ashx
The syslog facility is limited to logging 1024 bytes per request. Longer strings will be truncated.

Aaron
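
One way to see the whole sideband response during development despite the local syslog limit described above: log the length, write the payload to the local log in slices, and send the full payload over HSL. This is an added example, not code from the thread or from F5; the pool name syslog_pool and the 800-byte slice size are assumptions.

```tcl
when CLIENT_ACCEPTED {
    # Assumption: syslog_pool is a hypothetical pool of remote syslog servers.
    # TCP avoids datagram-size limits on multi-kilobyte messages.
    set hsl [HSL::open -proto TCP -pool syslog_pool]

    # Sideband fetch, same target and request as the test rule in the thread.
    if {[catch {connect -timeout 1000 -idle 300 -status conn_status 200.200.200.111:80} conn] == 0 && $conn ne ""} {
        send -timeout 3000 -status send_status $conn "GET /test.html HTTP/1.0\r\n\r\n"
        set data [recv -timeout 1000 -status recv_status 5000 $conn]
        close $conn

        # The length is computed in the rule, so it is correct even when a
        # later log line carrying the data itself is truncated.
        set total [string length $data]
        log local0. "sideband: received $total bytes"

        # Escape CR/LF so each message stays on one syslog line.
        set flat [string map [list "\r" "\\r" "\n" "\\n"] $data]

        # Local log: slices sized below the 933 bytes seen in the thread
        # (slice size is an assumption; the syslog prefix uses the rest).
        set chunk 800
        set len [string length $flat]
        for {set off 0} {$off < $len} {incr off $chunk} {
            set end [expr {$off + $chunk - 1}]
            log local0. "sideband \[$off-$end\]: [string range $flat $off $end]"
        }

        # HSL: one message with the whole payload. <134> = local0.info.
        HSL::send $hsl "<134>sideband: $flat\n"
    }
}
```

Comparing the logged length with the sum of the slice lengths shows whether anything was lost in the variable or only in the log output.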

Ah, that makes sense.  I don't really need to log the data, but I'm using logging statements during development.  I will ignore the limited logging output and just assume the data I need is there in the variable and continue development.

 

Thanks guys!
