WC_159542
Jun 03, 2014

Session Counter iRule For IPv6

Dear All:

We use the iRule below to count sessions. It works for IPv4 but not IPv6. Does anyone know why?


when HTTP_REQUEST {
    set static::maxquery 100
    set static::holdtime 6
    set static::tracking_memlimit 0
    set static::tracking_maxentry 40000
    set static::blacklist_memlimit 1
    set static::blacklist_maxentry 40000

    log local0.info "Estimated memory usage for tracking: [expr (160*256/1024) * $static::tracking_maxentry / 1000] MBytes"
    log local0.info "Estimated memory usage for blacklist: [expr (160*256/1024) * $static::blacklist_maxentry / 1000] MBytes"
}

when CLIENT_ACCEPTED {
    set srcip [IP::remote_addr]
    set sub [getfield $srcip "." 4]

    if { [table lookup -subtable "blacklist:$sub" $srcip] != "" } {
        drop
        return
    }

    if { $static::tracking_memlimit == 1 } {
        set total [table keys -subtable $sub -count]
        if { $total > $static::tracking_maxentry } {
            drop
            return
        }
    }

    set curtime [clock second]
    set key "count:$srcip:$curtime"
    set count [table incr -subtable $sub $key]
    table lifetime -subtable $sub $key 2

    if { $count > $static::maxquery } {
        if { $static::blacklist_memlimit == 1 } {
            set total [table keys -subtable "blacklist:$sub" -count]
            if { $total > $static::blacklist_maxentry } {
                drop
                return
            }
        }

        table add -subtable "blacklist:$sub" $srcip "blocked" indef $static::holdtime
        table delete -subtable $sub $key
        drop
        return
    }
}

2 Replies

  • Hi!

    Adding some formatting to the rule to make it easier for other people to help as well. 🙂

    when HTTP_REQUEST { 
        set static::maxquery 100 
        set static::holdtime 6 
        set static::tracking_memlimit 0 
        set static::tracking_maxentry 40000 
        set static::blacklist_memlimit 1 
        set static::blacklist_maxentry 40000
    
        log local0.info "Estimated memory usage for tracking: [expr (160*256/1024) * $static::tracking_maxentry / 1000] MBytes"
        log local0.info "Estimated memory usage for blacklist: [expr (160*256/1024) * $static::blacklist_maxentry / 1000] MBytes"
    }
    
    when CLIENT_ACCEPTED { 
    
        set srcip [IP::remote_addr] 
        set sub [getfield $srcip "." 4]
    
        if { [table lookup -subtable "blacklist:$sub" $srcip] != "" } {
            drop
            return
        }
    
        if { $static::tracking_memlimit == 1 } { 
            set total [table keys -subtable $sub -count] 
    
            if { $total > $static::tracking_maxentry } { 
                drop 
                return 
            } 
        }
    
        set curtime [clock second]
        set key "count:$srcip:$curtime"
        set count [table incr -subtable $sub $key] 
        table lifetime -subtable $sub $key 2
    
        if { $count > $static::maxquery } { 
            if { $static::blacklist_memlimit == 1 } { 
                set total [table keys -subtable "blacklist:$sub" -count] 
    
                if { $total > $static::blacklist_maxentry } { 
                    drop
                    return
                }
            }
    
            table add -subtable "blacklist:$sub" $srcip "blocked" indef $static::holdtime 
            table delete -subtable $sub $key 
            drop 
            return
        }
    }
    

    I'll see if I can find something.

    /Patrik

  • Hi again

    Try replacing

    set sub [getfield $srcip "." 4]
    

    with

    set sub [getfield $srcip ":" 8]
    

    Difference now though is that you'd get 65535 possible subtables instead of 255.

    If you want to keep the 255 factor you could do this instead:

    set sub [expr {[crc32 [getfield $srcip ":" 8]] % 255}]
    

    /Patrik
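
The subtable selection discussed in this thread, modelled in Python as an added example (not code from the thread or from F5): it runs the original `getfield $srcip "." 4`, the suggested `getfield $srcip ":" 8`, and a hash of the whole address over constructed sample addresses, to show which forms leave `sub` empty. The `getfield` model, `sub_hashed` and the sample addresses are assumptions; whether `IP::remote_addr` returns the `::`-compressed form should be checked on the device.

```python
import ipaddress
import zlib


def getfield(s, sep, n):
    """Model of iRule getfield: n-th field (1-based), "" when the field is absent."""
    parts = s.split(sep)
    return parts[n - 1] if 0 < n <= len(parts) else ""


def sub_original(srcip):
    # set sub [getfield $srcip "." 4]
    return getfield(srcip, ".", 4)


def sub_field8(srcip):
    # set sub [getfield $srcip ":" 8]
    return getfield(srcip, ":", 8)


def sub_hashed(srcip):
    # Family-independent alternative (assumption, not from the thread):
    # hash the 4 or 16 packed address bytes, then keep the 255 factor.
    packed = ipaddress.ip_address(srcip).packed
    return zlib.crc32(packed) % 255


# Constructed sample addresses from the documentation ranges.
SAMPLES = [
    "192.0.2.17",
    "2001:db8:0:0:0:0:0:2a",  # all eight groups written out
    "2001:db8::2a",           # same address, "::" compressed
]


def report(samples=SAMPLES):
    """One row per address: (address, dot-4 field, colon-8 field, hashed bucket)."""
    return [(ip, sub_original(ip), sub_field8(ip), sub_hashed(ip)) for ip in samples]


if __name__ == "__main__":
    for row in report():
        print("%-24s dot4=%-5r colon8=%-5r hashed=%r" % row)
```

An empty `sub` puts every affected client into the same subtable name, so the per-bucket entry limits no longer spread across buckets; hashing the parsed address gives the same bucket for both spellings of one IPv6 address.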