This could either be really simple in you just need to use an iRule for persistence due to some event ordering or something in which case the following iRule should work:
when CLIENT_ACCEPTED {
Set persistence to use msrdp with timeout of 20 mins
persist msrdp 1200
}
However, I am guessing the solution is to actually read the TCP payload and identify an element you can use with
persist uie
.
However I don't know enough about the TCP packet structure but from the little I have found something like this is what you would need:
NOTE: I have not tested this, it is a raw iRule so test and check the logs to see what output you get.
when CLIENT_ACCEPTED {
Collect TCP payload to parse,
skip first 11 bytes and collect 14 bytes
TCP::collect 14 11
}
when CLIENT_DATA {
Read binary payload and convert to string
binary scan [TCP::payload] a* msRdp
log local0.info "msRdp=$msRdp"
if {[string tolower $msRdp] starts_with "cookie: mstshash="} {
set msRdpMstshash [getfield $msRdp "mstshash=" 2]
log local0.info "msRdpMstshash=$msRdpMstshash"
if {$msRdpMstshash contains "@"} {
set msRdpUser [getfield $msRdpMstshash "@" 1]
} elseif {$msRdpMstshash contains "\\"} {
set msRdpUser [getfield $msRdpMstshash "\\" 3]
} else {
set msRdpUser $msRdpMstshash
}
log local0.info "msRdpUser=[string trim $msRdpUser]"
Using MS RDP Username set persistence with 20 min timeout
persist uie [string trim $msRdpUser] 1200
}
TCP::release
}