robert_78370
Apr 27, 2017

Need help with SERVERSSL_DATA

I'm trying to get the iRule example for the event SERVERSSL_DATA working without any luck. I need to look at the data stream being returned to the client. Here's my code:

    when SERVERSSL_HANDSHAKE {
        log local0.info "serverssl_handshake"
        SSL::collect
    }

    when SERVERSSL_DATA {
        binary scan [SSL::payload] c* packet

        log local0.info "serverssl:----------"
        log local0.info "serverssl_data000: $packet"

        SSL::release
        SSL::collect
    }

I see the "serverssl_handshake" log message show up in the log, but my client hangs after that, with no other log messages.

I've turned this code around and captured CLIENTSSL_DATA successfully. It just doesn't work for SERVERSSL_DATA.

4 Replies

  • I can confirm it isn't working. It looks like the SSL::collect kicks in before the 'GET / HTTP/1.1...' query is sent to the pool members. Then it keeps waiting (collecting data) until it times out, because it will not receive any data. I was able to capture some data by altering the iRule like below, but it also breaks the original request.

    when SERVERSSL_HANDSHAKE {
        log local0.info "serverssl_handshake"
        serverside { SSL::respond "GET / HTTP/1.0\r\n\r\n" }
        SSL::collect
    }
    
    when SERVERSSL_DATA {
        binary scan [SSL::payload] c* packet
    
        log local0.info "serverssl:----------"
        log local0.info "serverssl_data000: $packet"
    
        SSL::release
        SSL::collect
    }
    

    See here the package capture:

    May  5 11:10:22 nielsvs-bigip info tmm1[5404]: Rule /Common/A_IRULE_SSL_TEST : serverssl:----------
    May  5 11:10:22 nielsvs-bigip info tmm1[5404]: Rule /Common/A_IRULE_SSL_TEST : serverssl_data000: 72 84 84 80 47 49 46 49 32 50 48 48 32 79 75 13 10 68 97 116 101 58 32 70 114 105 44 32 48 53 32 77 97 121 32 50 48 49 55 32 48 57 58 49 48 58 50 50 32 71 77 84 13 10 83 101 114 118 101 114 58 32 65 112 97 99 104 101 47 50 46 52 46 49 56 32 40 70 101 100 111 114 97 41 32 79 112 101 110 83 83 76 47 49 46 48 46 49 107 45 102 105 112 115 32 80 72 80 47 53 46 54 46 50 51 13 10 76 97 115 116 45 77 111 100 105 102 105 101 100 58 32 84 104 117 44 32 51 48 32 74 117 110 32 50 48 49 54 32 49 49 58 52 53 58 49 57 32 71 77 84 13 10 69 84 97 103 58 32 34 53 50 45 53 51 54 55 100 54 55 56 52 102 56 55 48 34 13 10 65 99 99 101 112 116 45 82 97 110 103 101 115 58 32 98 121 116 101 115 13 10 67 111 110 116 101 110 116 45 76 101 110 103 116 104 58 32 56 50 13 10 67 111 110 116 101 110 116 45 84 121 112 101 58 32 116 101 120 116 47 104 116 109 108 59 32 99 104 97 114 115 101 116 61 85 84 70 45 56 13 10
    
  • The datastream I'm trying to look at is actually LDAP, not HTTP. That shouldn't make much difference, just that I can't prod it with HTTP content like you did.

  • Hi Robert, I got a bit further with this. Try this iRule:

    when CLIENTSSL_DATA {
        binary scan [SSL::payload] c* packet
    
        log local0.info "clientssl: ----------"
        log local0.info "clientssl_data000: $packet"
        SSL::release
        SSL::collect
    
        serverside { SSL::collect }
    }
    
    
    when SERVERSSL_HANDSHAKE {
        log local0.info "serverssl_handshake"
        clientside { SSL::collect }
    }
    
    when SERVERSSL_DATA {
        binary scan [SSL::payload] c* packet
    
        log local0.info "serverssl:----------"
        log local0.info "serverssl_data000: $packet"
        SSL::release
        SSL::collect
    }
    
  • That works, thanks. I'm new to iRules, I wasn't aware of the clientside/serverside statements.
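
Added example, not part of the thread or any poster's code: a small off-box Python helper that turns the `serverssl_data000:` log lines produced by the iRules above back into bytes for review. Tcl's `binary scan ... c*` yields signed 8-bit integers, so a binary protocol such as LDAP logs bytes above 0x7f as negative numbers; the helper masks them back to 0..255. The sample log lines, hostname and rule name are constructed placeholders.

```python
import re

# Log line shape used in the thread:
#   "<syslog prefix> Rule <rule path> : <label>: <space-separated byte values>"
LOG_RE = re.compile(
    r"Rule (?P<rule>\S+) : (?P<label>\w+): (?P<values>-?\d+(?: -?\d+)*)\s*$"
)


def parse_payload_line(line):
    """Return (rule, label, payload_bytes), or None if the line carries no byte list."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    # "binary scan ... c*" produces signed 8-bit integers, so bytes above
    # 0x7f appear as negative numbers in the log; mask them back to 0..255.
    values = [int(v) for v in m.group("values").split()]
    if any(v < -128 or v > 255 for v in values):
        raise ValueError("value outside the 8-bit range: not a byte list")
    return m.group("rule"), m.group("label"), bytes(v & 0xFF for v in values)


def hexdump(data, width=16):
    """Render bytes as offset / hex / printable-ASCII rows."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3 - 1}}  {text}")
    return "\n".join(rows)


# Constructed sample lines in the thread's log format (placeholder host and rule name).
SAMPLE_TEXT = ("May  5 11:10:22 bigip info tmm1[5404]: Rule /Common/EXAMPLE_RULE : "
               "serverssl_data000: 72 84 84 80 47 49 46 49 32 50 48 48 32 79 75 13 10")
SAMPLE_BINARY = ("May  5 11:10:23 bigip info tmm1[5404]: Rule /Common/EXAMPLE_RULE : "
                 "serverssl_data000: 48 -124 0 0 0 16 2 1 1 97 -124 0 0 0 7 10 1 0 4 0 4 0")

if __name__ == "__main__":
    for sample in (SAMPLE_TEXT, SAMPLE_BINARY):
        rule, label, payload = parse_payload_line(sample)
        print(f"{rule} {label} ({len(payload)} bytes)")
        print(hexdump(payload))
```

Lines without a byte list, such as the `serverssl_handshake` and `serverssl:----------` markers, return `None` and can be skipped when feeding a whole log file through the parser.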