Last Modified: Jul 24, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3
Fixed In:
16.1.5
Opened: Oct 27, 2023 Severity: 3-Major
When an iRule generates a TCP::close before a server-side connection is established, the BIG-IP system does not close the connection.
TCP connection lingers in TMM until expiration.
Example 1 With this iRule, if there are 2 pipelined http requests, the close will not happen after the first request Sample iRule: proc redirect {loc} { HTTP::redirect $loc TCP::close } when HTTP_REQUEST priority 1 { call redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } Example 2: In this second example of iRule where there are no pools involved (say redirects or error message return 404 not found...) when no servers are connected to. In such case, the close will not happen. ltm rule tcp_it { when CLIENT_ACCEPTED { TCP::collect 1 } when CLIENT_DATA { table or other commands for example TCP::respond "reply" (or 404 not found...) TCP::release TCP::close } when CLIENT_CLOSED { log local0. "Client closed" } when SERVER_CONNECTED { log local0. "Server here" } } When such rule involves no servers to be connected - hence "Server here" not displayed - the close will never happen.
None
None