Bug ID 746731: BIG-IP system sends Firmware-Revision AVP in CER with Mandatory bit set

Last Modified: Jul 13, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6

Fixed In:
15.0.0, 14.1.2.7, 13.1.3.4

Opened: Oct 12, 2018

Severity: 3-Major

Symptoms

The BIG-IP system always sets the Mandatory bit flag for Firmware-Revision AVPs in DIAMETER Capabilities Exchange Request messages.

Impact

If the DIAMETER peer is intolerant of this Mandatory bit being set, it will reset the DIAMETER connection.

Conditions

Using DIAMETER to send a Capabilities Exchange Request message with the Firmware-Revision AVP.

Workaround

Configure an iRule in the MRF transport-config, for example: ltm rule workaround { when DIAMETER_EGRESS { if {[serverside] && [DIAMETER::command] == "257" } { DIAMETER::avp flags set 267 0 } } }

Fix Information

This release always clears the Mandatory bit for Firmware-Revision AVPs in DIAMETER Capabilities Exchange Request messages.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips