Last Modified: Nov 07, 2022
Known Affected Versions:
10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4
11.6.0, 11.5.1 HF5, 11.5.0 HF1, 11.4.1 HF4, 11.3.0 HF9, 11.2.1 HF11, 10.2.4 HF8
Opened: Feb 03, 2014 Severity: 3-Major Related Article:
Related Article: K15601
When a packet filter is created with an order greater than 32767, attempts to delete this filter will fail. Error messages can be seen in /var/log/tmm* when a packet filter object is deleted (or possibly created).
Unknown (inexplicable) impact on traffic: - Packet filters that have been deleted may continue to exist in TMM - Older versions of rules (that have been deleted/recreated) may continue to be applied to traffic
Packet filter rules with an order between 32768 and 65535 (inclusive).
- To prevent this condition from occurring in the first place, restrict packet filter 'order' to 1-32767 (inclusive). - To remove the phantom/incorrect packet filter rules from the packet path (TMM), restart TMM ("bigstart restart tmm", which may need to run on each blade of a chassis system).
Ensured that packet filters with orders greater than 32767 are able to be deleted.