preload
Comment/Uncomment block in BBEdit Fantasy Football Champs!
Dec 01

If you do any amount of work with F5 Nework’s iRules scripting language, eventually you run into the need to print out the contents of a packet you are working with to make sure you are processing the packet correctly, getting the fields lined up, getting sent the values you think you are being sent, etc.  Personally, I’m used to using a very common hexdump format that I’ve created Ruby methods for in the past…but I could not find anything similar for iRules, so I wrote my own.

The following code implements the hexdump:

if { $static::DEBUG eq 1 } {
        #  The hexbinary code we want to decode is stored in $payload
        ##
        ## format string for hexdump output
        ##
        set p 0     ;## buf ptr
        set sl [string length $payload]
        set inPkt "\n\n"
        while { $p < $sl } {
            set s [string range $payload $p [expr {$p+16}] ]
            binary scan $s H*@0a* hex ascii
            regsub -all -- {[^[:graph:] ]} $ascii {.} ascii
            set hex1   [string range $hex   0 15]
            set hex2   [string range $hex  16 31]
            set ascii1 [string range $ascii 0  7]
            set ascii2 [string range $ascii 8 15]
            # Convert the hex to pairs of hex digits
            regsub -all -- {..} $hex1 {& } hex1
            regsub -all -- {..} $hex2 {& } hex2
            append inPkt "[format {%08x  %-24s %-24s %-8s %-8s} $p $hex1 $hex2 $ascii1 $ascii2]\n"
            set p [expr {$p + 16}]
        }
        ###
        puts "Input PKT: $inPkt"            ;## print the output to /var/log/tmm
}

Notice that we are using “puts” commands rather than the more common “log local0.” commands, as the log command strips out linefeeds and would mess up our output.
Here’s how it looks when I used it to output a RADIUS Accounting Update packet that I wanted to modify on the fly:

<13> Jan 13 19:21:06 local/bigipfw notice >>CLIENT_DATA
<13> Jan 13 19:21:06 local/bigipfw notice RADIUS code: Accounting-Request
<13> Jan 13 19:21:06 local/bigipfw notice RADIUS id: 12
<13> Jan 13 19:21:06 local/bigipfw notice User-Name: 31016090000000001
<13> Jan 13 19:21:06 local/bigipfw notice Called-Station-Id: offload.F5_Customer.com
<13> Jan 13 19:21:06 local/bigipfw notice Acct-Type: Interum-Update(3)
<13> Jan 13 19:21:06 local/bigipfw notice NAS-Identifier: IPhoneOS
<13> Jan 13 19:21:06 local/bigipfw notice NAS-Port: 4608
<13> Jan 13 19:21:06 local/bigipfw notice Framed-IP-Address: 192.168.1.1
<13> Jan 13 19:21:06 local/bigipfw notice Tunnel-Client-Endpoint: 10.1.1.45
<13> Jan 13 19:21:06 local/bigipfw notice Authenticator: c1304dd1a21e61d75a97b27dce74b926
<13> Jan 13 19:21:06 local/bigipfw notice VSA id: 3GPP, number: 3GPP-IMSI, length: 19, value: 31016090000000001
<13> Jan 13 19:21:06 local/bigipfw notice Input PKT:
<13> Jan 13 19:21:06 local/bigipfw notice 00000000  04 0c 00 8c c1 30 4d d1  a2 1e 61 d7 5a 97 b2 7d  ....Á0MÑ ¢.a×Z.²}
<13> Jan 13 19:21:06 local/bigipfw notice 00000010  ce 74 b9 26 20 0a 49 50  68 6f 6e 65 4f 53 01 13  Ît¹& .IP honeOS..
<13> Jan 13 19:21:06 local/bigipfw notice 00000020  33 31 30 31 36 30 39 30  30 30 30 30 30 30 30 30  31016090 00000000
<13> Jan 13 19:21:06 local/bigipfw notice 00000030  31 1e 19 6f 66 66 6c 6f  61 64 2e 46 35 5f 43 75  1..offlo ad.F5_Cu
<13> Jan 13 19:21:06 local/bigipfw notice 00000040  73 74 6f 6d 65 72 2e 63  6f 6d 2c 06 ff 08 02 00  stomer.c om,.ÿ...
<13> Jan 13 19:21:06 local/bigipfw notice 00000050  28 06 00 00 00 03 05 06  00 00 12 00 42 0b 31 30  (....... ....B.10
<13> Jan 13 19:21:06 local/bigipfw notice 00000060  2e 31 2e 31 2e 34 35 08  06 c0 a8 01 01 04 06 7f  .1.1.45. .ˬ.....
<13> Jan 13 19:21:06 local/bigipfw notice 00000070  00 00 01 1a 19 00 00 28  af 01 13 33 31 30 31 36  .......( ¯..31016
<13> Jan 13 19:21:06 local/bigipfw notice 00000080  30 39 30 30 30 30 30 30  30 30 30 31              09000000 0001
<13> Jan 13 19:21:06 local/bigipfw notice Resp: 050c0014c33b32cc5a8befa41e8ed962b3972aa2

Of course, this method is best used when you are troubleshooting protocol packets coming in one at a time…multiple packets could cause it to become quite garbled!

SociBook del.icio.us Digg Facebook Google Yahoo Buzz StumbleUpon

Leave a Reply