Forum Discussion

AceDawg1's avatar
AceDawg1
Icon for Nimbostratus rankNimbostratus
Jun 07, 2018

Facing issue with "binary scan" and or "expr" functions on RADIUS iRule

Good day all,

I've created an iRule that mimics RADIUS server functionality in the event the backend RADIUS servers are offline. This snippet of the iRule iterates through the RADIUS ACCEPT-REQUEST packet peeling off each attribute type, length and value. When I get to the fourth attribute, I can grab the ID ($attr_id_cli) and length ($attr_len_cli) but fail on acquiring the value ($attr_val_cli).

when CLIENT_DATA {

    binary scan [UDP::payload] cH2SH32a* code_cli ident_cli len_cli auth_cli attr_cli

    binary scan $attr_cli cc user_cli user_len_cli
    binary scan $attr_cli @2a$user_len_cli user_val_cli

    binary scan $attr_cli @[expr {$user_len_cli}]cc pass_cli pass_len_cli
    binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli}]a[expr {$pass_len_cli}] pass_val_cli

    binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli}]cc service_cli service_len_cli
    binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli}]a[expr {$service_len_cli} service_val_cli

    binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli + $service_len_cli}]cc attr_cli attr_len_cli
    binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli + $service_len_cli}]a[expr {$attr_len_cli}] attr_val_cli

    log local0. "atv id: $attr_cli"
    log local0. "atv len: $attr_len_cli"
    log local0. "atv val: $attr_val_cli"

}

I'm not sure if the expr function is my issue:

binary scan $attr_cli @[expr {$user_len_cli + $pass_len_cli + $service_len_cli}]a[expr {$attr_len_cli}] attr_val_cli

/var/log/ltm yields the following error:

Jun 7 13:11:26 slot1/MED-F5-SLB1 err tmm[17571]: 01220001:3: TCL error: /Common/CP - can't read "attr_val_cli": no such variable while executing "log local0. "atv val: $attr_val_cli""

Full logs from /var/log/ltm below:

Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : user: 1
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : user len: 8
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : user val: f5user
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : pass: 2
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : pass len: 18
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : pass val: ▒▒▒Wtty2=▒▒▒
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : service: 5
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : service len: 6
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : service val: ▒▒▒
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : atv: 87
Jun  7 12:58:23 slot1/MED-F5-SLB1 info tmm[17571]: Rule /Common/CP : atv len: 6
Jun  7 12:58:23 slot1/MED-F5-SLB1 err tmm[17571]: 01220001:3: TCL error: /Common/CP  - can't read "attr_val_cli": no such variable     while executing "log local0. "atv val: $attr_val_cli""