Bug ID 447091: Unable to delete packet filters with order values greater than 32767

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4

Fixed In:
11.6.0, 11.5.1 HF5, 11.5.0 HF1, 11.4.1 HF4, 11.3.0 HF9, 11.2.1 HF11, 10.2.4 HF8

Opened: Feb 03, 2014
Severity: 3-Major
Related AskF5 Article:
K15601

Symptoms

When a packet filter is created with an order greater than 32767, attempts to delete this filter will fail. Error messages can be seen in /var/log/tmm* when a packet filter object is deleted (or possibly created).

Impact

Unknown (inexplicable) impact on traffic: - Packet filters that have been deleted may continue to exist in TMM - Older versions of rules (that have been deleted/recreated) may continue to be applied to traffic

Conditions

Packet filter rules with an order between 32768 and 65535 (inclusive).

Workaround

- To prevent this condition from occurring in the first place, restrict packet filter 'order' to 1-32767 (inclusive). - To remove the phantom/incorrect packet filter rules from the packet path (TMM), restart TMM ("bigstart restart tmm", which may need to run on each blade of a chassis system).

Fix Information

Ensured that packet filters with orders greater than 32767 are able to be deleted.

Behavior Change