TCP::option¶
Description¶
Gets or sets the value of the specified option kind from the TCP
header.
The TCP::option get command is only functional when BIG-IP has
been configured to collect options before the iRule is called. In v10,
this is done with a db variable and is effective only on the
clientside. When called in the
serverside context it returns an error
indicating that the specified option was not configured for
collection.
In v11, this is configured through the TCP profile and the command can
be used in either the serverside context or the clientside, depending
on the profile configuration. TCP::option set is available only in
v11 and can be used in either context.
Syntax¶
TCP::option get <option>
v11 Additions/Changes:
TCP::option set <option number> <value> <next|all>
TCP::option noset <option number>
TCP::option get <option>¶
- Returns the specified TCP option kind value. If the requested option kind was not configured for collection, an error indicating so is returned instead. If the option kind was specified but has not yet been seen on the current connection, the command returns null. If the requested option kind has been configured for collection and has been seen on the connection, the command returns the raw option kind value. See version-specific sections below regarding configuring option kinds for collection.
TCP::option noset¶
- Allows you to specify particular TCP options that should not be set.
Configuring for TCP option collection - BIG-IP version >= 10.2.0-HF2 and < 11.0.0¶
The Rules.tcpoption.settings database variable must be configured
in order to use the TCP::option command in 10.2.0HF2 < 11.0,
specifying the option values to be collected. In TMOS versions 10.2.0
HF2 through 10.2.2, the BIG-IP system must be restarted using the
bigstart restart command after setting or modifying the variable.
Starting with release 10.2.2 HF1 the restart is no longer required.
Configure the db variable Rules.Tcpoption.settings with a string in
the following format:
[option,<first|last>],[option,<first|last>],[option,<first|last>]...
Note: Do not change the unrelated db setting
Rules.tcpoption.virtuals from its default value of null in
10.2.0-hf2. This will cause tmm to repeatedly restart.
Configuring for TCP option collection - BIG-IP version 11.0.0 and up¶
Beginning with v11.0.0 the ‘db variable Rules.TCPoption.settings’ no longer exists and this functionality has been ‘baked in’. It is now part of the tcp profile and is configured as follows”
create ltm profile tcp PROFILE_NAME tcp-options “{option <first|last>} {option <first|last>}”
first | last¶
- Indicates whether the system will retain the first instance of the specified option kind, or the most recent.
When an option kind is marked first, the system will search for the
specified option kind only until it has been seen on the current
connection. Once seen, the TCP::option command will return that value
for the life of the connection.
When an option kind is marked last, the system will continue to search
for the specified option kind over the lifetime of the connection. The
TCP::option command will return the last value seen at the time it is
called.
If all option kinds are marked first, and all specified option kinds
have been seen on that TCP connection, no further searching will be
performed for the life of the connection.
For example, the following command configures the BIG-IP system to
save the value of the first instance of option kind 8, and the value
of the last seen instance of option kind 28:
v10: b db Rules.Tcpoption.settings [8,first],[28,last]
v11: create ltm profile tcp profile_name tcp-options “{8 first} {28
last}”
Examples¶
when CLIENT_ACCEPTED {
set INPUT_OPTION [TCP::option get 28]
binary scan $INPUT_OPTION c ver
set ver [expr { $ver & 0xff }]
set forwarded_ip [IP::addr parse $INPUT_OPTION 1]
log local0. "The IP address was $forwarded_ip for version $ver"
}
This example is further explained in the Accessing TCP Options from
iRules
article.
when SERVER_CONNECTED {
scan [IP::client_addr] {%d.%d.%d.%d} a b c d
TCP::option set 28 [binary format cccc $a $b $c $d] all
}
This example is showing in the server connection, how to insert the
client REAL IP (mostly used when the client IP is SNATted).