ltm rule command ASN1 element
iRule(1) BIG-IP TMSH Manual iRule(1)
ASN1::element
Returns ASN1.1 record elements.
SYNOPSIS
ASN1::element init ('BER' | 'DER')
ASN1::element next ELEMENT (NUM_ELEMENTS)?
ASN1::element byte_offset ELEMENT (OFFSET)?
ASN1::element tag ELEMENT
ASN1::element size ELEMENT
ASN1::element length ELEMENT (LENGTH)?
DESCRIPTION
This command returns ASN1.1 record elements.
ASN1::element init encodingType
* Returns an element (Tcl_Obj) handle used by the remaining commands.
encodingType specifies the encoding type that subsequent commands
should use (BER|DER).
ASN1::element next element ?numberOfElements?
* Returns the next element found after element. If numberOfElements
is specified, the command will move ahead that many elements,
otherwise, the default is 1.
ASN1::element byte_offset element ?offset?
* Returns the byte offset within the payload. This is often useful
when using the encode command along with the TCP::payload replace
command where a byte offset is used to indicate the location within
the payload. If offset is specified, the element offset is set to
the specified value. Changing the byte offset is generally
discouraged and should be done with caution as it affects the
behavior of any other command which takes an element object as an
argument.
ASN1::element tag element
* Returns the id (integer) of the leading tag found in element.
ASN1::element size element
* Returns the size (in number of bytes) of the element's full TLV.
This is useful for passing to TCP::release.
ASN1::element length element ?length?
* Returns the length (in number of bytes) of the element's value.
This is the L coded in the TLV. If length is specified, the length
of the element is modified. Changing the byte offset is generally
discouraged and should be done with caution as it could affect the
behvior of any other command which takes an element object as an
argument.
RETURN VALUE
VALID DURING
EXAMPLES
Optimize LDAP performance allowing reuse of server connections by detaching clients upon client unbind
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
set ele [ASN1::element init BER]
# Skip ahead two elements and check for an unbind tag (0x62)
if { [ASN1::element tag [ASN1::element next $ele 2]] == 0x62 } {
log local0. "unbind => detach"
TCP::payload replace 0 [TCP::payload length] ""
LB::detach
}
TCP::release
TCP::collect
}
Change LDAP protocol version upon bindRequest
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
set ldap_msg [ASN1::element init BER]
set ele [ASN1::element next $ldap_msg 2]
set tag [ASN1::element tag $ele]
if { $tag == 0x60} { # bindRequest
# Offset of the version number
set version_ele [ASN1::element next $ele]
set offset [ASN1::element byte_offset $version_ele]
# Set the version to v2
set buf [ASN1::encode BER "i" 0x02]
set size [ASN1::element size $version_ele]
# Replace the original version TLV
TCP::payload replace $offset $size $buf
}
TCP::release
TCP::collect
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.5.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)