Bug ID 448327: Aborting a connection with a suspended DNS iRule may leak memory

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP GTM, LTM(all modules)

Known Affected Versions:
11.6.2 HF1, 11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.6.0, 11.5.1 HF5, 11.5.0 HF1, 11.4.1 HF4, 11.2.1 HF11

Opened: Feb 08, 2014

Severity: 2-Critical

Related Article: K15718

Symptoms

Aborted connections with suspended DNS iRule may leak memory. libldns memory tag in umem grows indefinitely eventually leading to failover.

Impact

Memory leak (libldns variable in tmm memory_usage_stat)

Conditions

DNS_RESPONSE/DNS_REQUEST with iRule command which suspends and gets the connection aborted (e.g. RESOLV::lookup) because it exceeded the expire timeout for an iRule.

Workaround

Avoid iRule command(s) which suspend in a DNS_REQUEST or DNS_RESPONSE iRule event.

Fix Information

Prevent memory leak when iRule suspends or aborts an DNS command.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips