Bug ID 424383: drop command allows packet through before tearing down the flow

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.3.0

Fixed In:
11.3.0 HF8

Opened: Jul 02, 2013

Severity: 2-Critical

Related Article: K14590

Symptoms

Packets that an iRule discards with the [drop] command still pass through to the other side of the connection before the flow is torn down.

Impact

For stateless/message-based protocols (UDP, SIP), or given a mid-connection call to drop (HTTP_REQUEST, for example), this passes data before tearing down the protocol control block. Depending on the application, this can be dangerous. In the case of a stateful protocol (TCP, SCTP) using the drop command in CLIENT_ACCEPTED, the next segment will result in a RST packet or ABORT chunk, so there is less impact.

Conditions

An iRule calls drop.

Workaround

None.

Fix Information

Add a temporary flag to note that the connection has been asynchronously aborted, and avoid delivering the packet when this is set.
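The ordering problem and the flag-based fix, as an added illustrative model (not F5 code; the `Flow`, `drop`, `process_packet` and `http_request_irule` names and the HTTP payloads are all constructed for this example):

```python
# Constructed model of Bug ID 424383: an iRule calls drop() while a packet is
# being processed, but the packet is still delivered before the flow is torn down.
from dataclasses import dataclass, field


@dataclass
class Flow:
    """Minimal stand-in for one connection's protocol control block."""
    name: str
    aborted: bool = False    # the temporary "asynchronously aborted" flag from the fix
    torn_down: bool = False
    delivered: list = field(default_factory=list)  # payloads that reached the other side


def drop(flow: Flow) -> None:
    """Model of the iRule [drop] command: teardown is requested, not immediate."""
    flow.aborted = True


def process_packet(flow: Flow, payload: bytes, irule, check_abort_flag: bool) -> bool:
    """Run the iRule event handler for one packet, then decide whether to forward it.

    check_abort_flag=False models 11.3.0: the payload is delivered first and the
    flow is torn down afterwards. check_abort_flag=True models the 11.3.0 HF8 fix:
    delivery is skipped whenever the abort flag is set. Returns True if delivered.
    """
    if flow.torn_down:
        return False
    irule(flow, payload)                 # handler may call drop()
    if check_abort_flag and flow.aborted:
        flow.torn_down = True            # fixed path: tear down without delivering
        return False
    flow.delivered.append(payload)       # buggy path: data leaks through first
    if flow.aborted:
        flow.torn_down = True
    return True


def http_request_irule(flow: Flow, payload: bytes) -> None:
    """Constructed HTTP_REQUEST handler that drops requests for /admin."""
    if payload.startswith(b"GET /admin"):
        drop(flow)


def run(check_abort_flag: bool) -> list:
    """Replay three constructed requests and return what reached the other side."""
    flow = Flow("client->pool")
    for payload in (b"GET / HTTP/1.1\r\n", b"GET /admin HTTP/1.1\r\n", b"GET /x HTTP/1.1\r\n"):
        process_packet(flow, payload, http_request_irule, check_abort_flag)
    return flow.delivered
```

`run(False)` shows the dropped `/admin` request reaching the other side once before teardown; `run(True)` shows it suppressed.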

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips