ltm rule command TCP payload
iRule(1) BIG-IP TMSH Manual iRule(1)
TCP::payload
Returns or changes the data collected by TCP::collect.
SYNOPSIS
TCP::payload (LENGTH | (OFFSET LENGTH))?
TCP::payload length
TCP::payload replace OFFSET LENGTH TCP_PAYLOAD
DESCRIPTION
Returns the accumulated TCP data content, or replaces collected payload
with the specified data.
Syntax
TCP::payload []
* Returns the accumulated TCP data content. If is specified,
and more than bytes are available, only the first
bytes of collected data are returned.
TCP::payload replace
* Replaces bytes of the collected payload data starting at
with the given .
TCP::payload length
* Returns the amount of accumulated TCP data content in bytes.
Note: Currently, iRules usually treats binary data in TCL variables as
UTF-8 strings. Therefore, care must be taken when processing binary TCP
payloads. In particular, do not assign the result of TCP::payload to a
variable if non-text data should be processed literally. See the third
example below for a way to do a binary search-and-replace in a
TCP::payload. TCL variables explicitly created as binary data (e.g. via
the binary format command) are not treated as UTF-8 strings. There is
an outstanding enhancement request (tracked as CR47762 / BZ273220) to
treat TCL variables as binary data (rather than UTF-8 strings) as
appropriate.
RETURN VALUE
VALID DURING
CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED,
SERVER_CONNECTED, SERVER_DATA, SIP_REQUEST, SIP_REQUEST_SEND,
SIP_RESPONSE, STREAM_MATCHED
EXAMPLES
when CLIENT_ACCEPTED {
TCP::collect 15
}
when CLIENT_DATA {
if { [TCP::payload 15] contains "XYZ" } {
pool xyz_servers
} else {
pool web_servers
}
TCP::release
}
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
# empty payload entirely so there is no packet to send to the server
TCP::payload replace 0 [TCP::payload length] ""
# craft a string to hold our packet data, 0x01 0x00 0x00 0x00 0x02 0x00 0x000x00 0x03 0x00 0x00 0x00
set packetdata [binary format i1i1i1 1 2 3 ]
# then fill payload with our own data from arbitrary length string called packetdata to send to the server
# this actually inserts it at the start of the packet, but because we emptiedthe packet above it becomes the new packet
TCP::payload replace 0 0 $packetdata
# release the payload to the server
TCP::release
# set up to grab the next packet
TCP::collect
}
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
#
# Do a regex search and replace of binary TCP data
#
if { [regexp -indices "\x61\x62\x63\x64\x65\x66" [TCP::payload] firstmatch] }{
set matchlen [expr [lindex $firstmatch 1] - [lindex $firstmatch 0] + 1]
set replacement [binary format c* {97 98 99 0 100 101 102}]
TCP::payload replace [lindex $firstmatch 0] $matchlen $replacement
TCP::release
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)