Forum Discussion

John_Masgalas_4
Jan 30, 2009

iRule modification - rdp

I currently use the below iRule with our Terminal Services pool. It strips everything after the "@" in the username so that the persistence entry is only the username. I would like to modify it so that usernames that are entered in the form "domain\username" are also entered in the table with just the username. In other words I would like the iRule to strip out everything before the "/". How would I do this? Can someone help?

    when CLIENT_ACCEPTED {
       TCP::collect
    }
    when CLIENT_DATA {
       TCP::collect 25
       binary scan [TCP::payload] x11a* msrdp
       log local0. "Contents after binary scan: $msrdp"
       if { [string equal -nocase -length 17 $msrdp "cookie: mstshash="] } {
          set msrdp [string range $msrdp 17 end]
          set len [string first "\n" $msrdp]
          if { $len == -1 } {
             TCP::collect
             return
          }
          if { $msrdp contains "@" } {
             if { $len > 5 } {
                incr len -1
                log local0. "Data Persisting on: [getfield $msrdp "@" 1]"
                persist uie [getfield $msrdp "@" 1] 10800
             }
          } else { persist uie $msrdp 10800}
       }
       TCP::release
    }

17 Replies

  • Thanks for that.

    If the original string has two backslashes, then you'd need to use four for getfield. The first and third slashes escape the second and fourth.

    [getfield $msrdp "\\\\" 2]

    You could try something like this which assumes that the msrdp string won't have both an @ and backslashes. It also handles one backslash:

     
        if { $msrdp contains "@" } { 
           log local0. "Data Persisting on: [getfield $msrdp "@" 1]" 
           persist uie [getfield $msrdp "@" 1] 10800 
        } elseif { $msrdp contains "\\\\" } { 
           log local0. "Data Persisting on: [getfield $msrdp "\\\\" 2]" 
           persist uie [getfield $msrdp "\\\\" 2] 10800 
        } elseif { $msrdp contains "\\" } { 
           log local0. "Data Persisting on: [getfield $msrdp "\\" 2]" 
           persist uie [getfield $msrdp "\\" 2] 10800 
        } else { 
           persist uie $msrdp 10800 
           log local0. "Data Persisting on: $msrdp" 
        } 
     } 
     

    Aaron
  • So how would that incorporate into my entire iRule? Which parts would I keep and which would I change?
  • Can you try this?

     
     when CLIENT_ACCEPTED { 
        TCP::collect 
     } 
     when CLIENT_DATA { 
      
        TCP::collect 25 
      
        binary scan [TCP::payload] x11a* msrdp 
        log local0. "Contents after binary scan: $msrdp" 
      
        if { [string equal -nocase -length 17 $msrdp "cookie: mstshash="] } { 
           set msrdp [string range $msrdp 17 end] 
           set len [string first "\n" $msrdp] 
           if { $len == -1 } { 
              TCP::collect 
              return 
           } 
           if { $msrdp contains "@" } {  
              log local0. "Data Persisting on: [getfield $msrdp "@" 1]"  
              persist uie [getfield $msrdp "@" 1] 10800  
           } elseif { $msrdp contains "\\\\" } {  
              log local0. "Data Persisting on: [getfield $msrdp "\\\\" 2]"  
              persist uie [getfield $msrdp "\\\\" 2] 10800  
           } elseif { $msrdp contains "\\" } {  
              log local0. "Data Persisting on: [getfield $msrdp "\\" 2]"  
              persist uie [getfield $msrdp "\\" 2] 10800  
           } else {  
              persist uie $msrdp 10800  
              log local0. "Data Persisting on: $msrdp"  
           }  
        } 
        TCP::release 
     } 
     

    I'm not sure I understand why the length was being decremented by 1 if $len is greater than 5. Citizen, can you elaborate on this?

    Thanks,

    Aaron
  • It seems that with this rule it persists the value but as separate entries. Also the stripping everything before \ is not creating a persistence table entry. When I ssh to our F5 here is what the output of b persist show all | grep doctest is:

        [root@bigbrother:Active] config b persist show all | grep doctest
        Mode: universal Value: doctest
        Mode: universal Value: doctest
        [root@bigbrother:Active] config

    Here is the log file:

        Feb 6 13:01:45 tmm tmm[31729]: Rule ssotest2 : Contents after binary scan: Cookie: mstshash=doctest
        Feb 6 13:01:45 tmm tmm[31729]: Rule ssotest2 : Data Persisting on: doctest
        Feb 6 13:02:31 tmm tmm[31729]: Rule ssotest2 : Contents after binary scan: Cookie: mstshash=doctest@Summithealth.local
        Feb 6 13:02:31 tmm tmm[31729]: Rule ssotest2 : Data Persisting on: doctest
        Feb 6 13:05:54 tmm tmm[31729]: Rule ssotest2 : Contents after binary scan: Cookie: mstshash=chbghosp\
        Feb 6 13:05:54 tmm tmm[31729]: Rule ssotest2 : Data Persisting on:

  • @Hoolio, if I recall correctly the len variable includes the "=", so it is decremented to remove the additional character that would otherwise be included in the persist string.
  • Hey guys,

    I got it to work. Here is the iRule as I have it:

        when CLIENT_ACCEPTED {
           TCP::collect
        }
        when CLIENT_DATA {

           TCP::collect 25

           binary scan [TCP::payload] x11a* msrdp
           log local0. "Contents after binary scan: $msrdp"

           if { [string equal -nocase -length 17 $msrdp "cookie: mstshash="] } {

              set msrdp [string range $msrdp 17 end]
              set len [string first "\n" $msrdp]
              if { $len == -1 } {
                 TCP::collect
                 return
              }
              if { $msrdp contains "@" } {
                 log local0. "Setting data to: [getfield $msrdp "@" 1]"
                 set username [getfield $msrdp "@" 1]
              } elseif { $msrdp contains "\\" } {
                 log local0. "Setting data to: [getfield $msrdp "\\" 3]"
                 set username [getfield $msrdp "\\" 3]
              } else {
                 set username $msrdp
                 log local0. "Setting data to: $msrdp"
              }
              set finalusername [string tolower $username]
              set finalusername [string trim $finalusername]
              log local0. "User Being Persisted is: |$finalusername|"
              persist uie $finalusername 10800
           }
           TCP::release
        }

    The only thing is that 9 character limit. I know this is an MS TS limitation but is there a way around it? Thanks for all your input and help though. You have steered me in the right direction!
  • nathe
    Hi all, thought I'd add something to the mix here, mainly for information purposes in case anyone else is in my boat - although if anyone does have a nugget of info then that would be great.

    I'm on LTM v9.0.x - thought this iRule would save the day but doesn't look like it works with this old code. Out of the 3 possible login situations username, username@company.org and domain\username, the only one it worked for was the username@company.org login type. The other 2 produced 2 persistence entries for one login and looking as follows: either username r??!???? or domain r??!??? (or some gobbledygook like that). In addition the persistence was not 100%.

    One day I'll be given shiny new v10 appliances......until then.

    N
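
The username normalization this thread works toward, as an added example that is not part of any post: plain Tcl that runs in tclsh without BIG-IP commands, so the parsing can be checked offline before it goes into an iRule. It goes slightly beyond the posted rule by cutting the cookie at its CR LF terminator, so bytes that follow the cookie line never reach the persistence key, and by keeping the text after the last backslash. The proc name `rdp_persist_key` and the sample payloads are assumptions constructed for illustration.

```tcl
# Added example: offline check of the mstshash normalization (plain Tcl).
# rdp_persist_key is a hypothetical helper name, not an iRule command.

# Returns the persistence key, or "" when the cookie is absent or incomplete
# (in the iRule, the incomplete case is where TCP::collect / return happens).
proc rdp_persist_key {payload} {
    # Skip the 11 header bytes before the cookie, as the iRule's x11a* does.
    if {[binary scan $payload x11a* msrdp] != 1} { return "" }
    if {![string equal -nocase -length 17 $msrdp "cookie: mstshash="]} {
        return ""
    }
    set msrdp [string range $msrdp 17 end]

    # Keep only the text before the CR LF terminator; anything after it
    # is not part of the username.
    set end [string first "\r\n" $msrdp]
    if {$end == -1} { return "" }
    set user [string range $msrdp 0 [expr {$end - 1}]]

    # user@domain -> user
    set at [string first "@" $user]
    if {$at != -1} { set user [string range $user 0 [expr {$at - 1}]] }
    # domain\user -> user (text after the last backslash)
    set bs [string last "\\" $user]
    if {$bs != -1} { set user [string range $user [expr {$bs + 1}] end] }

    # Same case folding and trimming as the final iRule in the thread.
    return [string tolower [string trim $user]]
}

# Constructed sample input: 11 placeholder header bytes, the cookie line, and
# 8 arbitrary trailing bytes standing in for data that follows the cookie.
set hdr   [binary format x11]
set trail [binary format H* 0100080003000000]
foreach cookie [list doctest DocTest@example.local "EXAMPLE\\doctest"] {
    set payload "${hdr}Cookie: mstshash=${cookie}\r\n${trail}"
    puts [format "%-26s -> |%s|" $cookie [rdp_persist_key $payload]]
}
# Incomplete cookie (no terminator yet): empty result, collect more data.
puts "partial -> |[rdp_persist_key "${hdr}Cookie: mstshash=doc"]|"
```

The cookie value comes from the client before any authentication, so the key is only a load-balancing hint and the logged value should be treated as untrusted input.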