bongshanks
Dec 26, 2017 | Nimbostratus
Scan command and variables in a SSL transaction
Hey folks,
I'm trying to finish an iRule and I'd appreciate some critiquing or advice. I'm trying to capture some client IP/SSL cipher information as well as a 23 character string of text that will be divided up into two identifiers.
- I think the two log statements (Client Accept and Client handshake) are redundant and can go away.
- I have a regular expression line after the scan command. I have verified that the regex line actually works, but I'm not confident about the scan command. All I know is that regex is really looked down upon.
- Variables. Ugh. I'm learning TCL. I left the three main variables "empty" then I have the log command fill them out. I believe this is the right way, but I'm probably wrong.
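when CLIENT_ACCEPTED {
    log local0. "SSL_CUSTOM: Connection of Client Source IP: [IP::client_addr]:[TCP::client_port]<-->[virtual name]<-->[LB::server]"
}
when CLIENTSSL_HANDSHAKE {
    if { [SSL::cipher bits] > 0 } then {
        log local0. "Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]."
        # Start collecting decrypted application data so CLIENTSSL_DATA fires
        SSL::collect
    }
}
when CLIENTSSL_DATA {
    set combo ""
    set tid ""
    set mid ""
    # scan takes a format string, not a regular expression. %23[0-9] reads up to
    # 23 digits into combo, starting at the first character of the payload
    # (assumption: the identifier is at the very start of the decrypted data).
    scan [SSL::payload] {%23[0-9]} combo
    # First 8 characters are the TID, the remaining 15 are the MID
    set tid [string range $combo 0 7]
    set mid [string range $combo 8 end]
    # Tcl variable names are case-sensitive: $tid, not $TID
    log local0. "Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]. MID is $mid. TID is $tid."
    SSL::release
}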
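An added example, not part of the original post: plain Tcl (runs in tclsh, outside an iRule) comparing a `scan` format string with `regexp` for splitting the 23-digit identifier into an 8-digit TID and a 15-digit MID. The proc names and sample payloads are constructed for illustration, and the 8+15 digit layout is assumed from the post's `string range` indices.

```tcl
# Added example; proc names and sample payloads are hypothetical.
# Assumption: the identifier is 23 digits, an 8-digit TID then a 15-digit MID.

# scan-based split. scan always starts at the first character of its input,
# and the width in %N[0-9] is a maximum, so the lengths are checked explicitly.
proc split_with_scan {payload} {
    set tid ""
    set mid ""
    if {[scan $payload {%8[0-9]%15[0-9]} tid mid] == 2
            && [string length $tid] == 8
            && [string length $mid] == 15} {
        return [list $tid $mid]
    }
    return {}
}

# regexp-based split. Unanchored, so it finds the first run of 23 digits
# anywhere in the input, at the cost of running the regex engine.
proc split_with_regexp {payload} {
    if {[regexp {([0-9]{8})([0-9]{15})} $payload -> tid mid]} {
        return [list $tid $mid]
    }
    return {}
}

# Constructed sample payloads: identifier first, identifier after a prefix,
# and a digit run that is too short.
set samples {
    "12345678123456789012345 rest of message"
    "HDR=12345678123456789012345"
    "1234567812345"
}

foreach p $samples {
    puts "payload: $p"
    puts "  scan   -> [list [split_with_scan $p]]"
    puts "  regexp -> [list [split_with_regexp $p]]"
}
```

Only the first payload splits with `scan`; the second needs `regexp` (or a known offset) because the digits are not at the start, and the third is rejected by both because the run is shorter than 23 digits.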