Last Modified: Feb 13, 2019
Opened: Jul 02, 2013
Related AskF5 Article: K14590
Packets from an iRule that uses the [drop] command pass through to the other side of the connection.
For stateless/message-based protocols (UDP, SIP), or given a mid-connection call to drop (HTTP_REQUEST, for example), this passes data before tearing down the protocol control block. Depending on the application, this can be dangerous. In the case of a stateful protocol (TCP, SCTP) using the drop command in CLIENT_ACCEPTED, the next segment will result in a RST packet or ABORT chunk, so there is less impact.
An iRule calls drop.
Add a temporary flag to note that the connection has been asynchronously aborted, and avoid delivering the packet when this is set.