Bug ID 716952: With TCP Nagle enabled, SSL filter will hold the HUDCTL_REQUEST_DONE/HUDCTL_RESPONSE_DONE message until the last data packet offload process complete.

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Fixed In:
14.1.0, 13.1.3.2

Opened: Apr 25, 2018

Severity: 3-Major

Symptoms

When TCP Nagle enabled, the data sent from server is handled by the SSL filter to offload data processing. The SSL filter forwards the HUDCTL_REQUEST_DONE/HUDCTL_RESPONSE_DONE message to TCP4 filter. Because Nagle is enabled, this leaves the last offloaded packet 'stuck' in the TCP4 filter.

Impact

The last data packet waits until all other packets have been ACKd.

Conditions

-- Nagle is enabled. -- SSL filter is in the chain.

Workaround

None.

Fix Information

SSL filter now holds the HUDCTL_REQUEST_DONE/HUDCTL_RESPONSE_DONE message if an offloaded data packet is still in progress.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips