DataScript Events

About DataScript Events

DataScripts run when various events are triggered by data plane traffic.  A single rule may run different code during different events.

Many DataScript functions are only available within specific events.  For instance, avi.http.redirect may only be used within an HTTP request event, whereas the avi.http.response function may be used within the HTTP request or the HTTP response events.

Some DataScript functions, such as avi.http.method, may be used in either the request or response events, even though the data returned is specifically from the client’s HTTP request.

Some DataScript functions may contain a context parameter, which means that while the function may be called during any event, it is grabbing data from an explicit event. Allowed values for any function’s context parameter are listed in the relevant Knowledge Base article. Consider avi.http.get_header as an example. Implementing it during an HTTP response event will return headers from the server’s response.  However, by adding a context parameter set to avi.HTTP_REQUEST, headers from the client request may be retrieved and evaluated during the response event.

if avi.http.get_header("my_header", avi.HTTP_REQUEST) then
 avi.http.close_conn()
end

While the DataScript above could be applied to either the HTTP request or response events, it is explicitly inspecting headers from the client’s request due to the optional context parameter.

Supported DataScript Events

  • HTTP_AUTH — This event is triggered before the client authentication
  • HTTP_POST_AUTH — This event is triggered after the client authentication
  • HTTP_REQ — This event triggers when all the headers of the HTTP request have been parsed successfully, but before any potential POST body has been received.
  • HTTP_RESP — This event triggers when all headers of the HTTP response have been parsed successfully, but before the response body has been received.
  • RESP_FAILED — This event is added with Avi Vantage 17.1.3. It triggers when any error/timeout happens before a valid response header can be received from the server and forwarded to the client. There are only 3 HTTP functions which can be invoked from the RESP_FAILED event:
    • avi.http.response()
    • avi.http.redirect()
    • avi.http.internal_status()
      All other HTTP functions return ERROR and the client connection will end prematurely.

      Examples under which the RESP_FAILED event occurs include:
    • TCP/SSL connection/handshake to back-end server fails
    • Request proxy/send to back-end server times out
    • No Response or partial Response Headers or Bad Response Headers from server
    • Server resets connection while Avi is waiting for the back-end server to respond
  • L4 REQUEST — Run data-script on receipt of the payload from the client post the SSL handshake.
  • L4 RESPONSE — Run data-script on receipt of packet from the server. (Starting with Avi Vantage version 20.1.1)
  • SSL_HANDSHAKE_DONE — Run data-script after SSL handshake is done.

Starting with Avi Vantage 21.1, the following events are introduced SSL to add SSL Handshake level events to read/write parameters to control the SSL handshake and change attributes like SSL profile, certificates, PKI settings, renegotiate, and more:

  • SSL_PRE_CONNECT: This event is triggered at the beginning of TLS handshake. This event can be used for changing the SSL settings like SSL profile, SSLKeyandCertificate and PKI profile based on Client IP or VS service port etc.

  • SSL_Client_Hello: This event is triggered after client hello pre-processing is done. This event is used for changing the SSL settings like SSL profile, SSLKeyandCertificate and PKI profile based on Client IP or VS service port etc.

  • SSL_HANDSHAKE_DONE: This event is triggered after the TLS handshake is complete. This event can be used for getting client certificate authentication errors and logging

Notes:

Document Revision History

Date Change Summary
December 07, 2020 Updated the content for HTTP_AUTH and HTTP_POST_AUTH events(Version 20.1.3)