Bug ID 1389225: For certain iRules, TCP::close does not close the TCP connection

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3

Opened: Oct 27, 2023

Severity: 3-Major

Symptoms

When an iRule generates a TCP::close before a server-side connection is established, the BIG-IP system does not close the connection.

Impact

TCP connection lingers in TMM until expiration.

Conditions

Example 1 With this iRule, if there are 2 pipelined http requests, the close will not happen after the first request Sample iRule: proc redirect {loc} { HTTP::redirect $loc TCP::close } when HTTP_REQUEST priority 1 { call redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } Example 2: In this second example of iRule where there are no pools involved (say redirects or error message return 404 not found...) when no servers are connected to. In such case, the close will not happen. ltm rule tcp_it { when CLIENT_ACCEPTED { TCP::collect 1 } when CLIENT_DATA { table or other commands for example TCP::respond "reply" (or 404 not found...) TCP::release TCP::close } when CLIENT_CLOSED { log local0. "Client closed" } when SERVER_CONNECTED { log local0. "Server here" } } When such rule involves no servers to be connected - hence "Server here" not displayed - the close will never happen.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips