Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.3.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5
Fixed In:
12.0.0, 11.6.0 HF6
Opened: Apr 23, 2014 Severity: 3-Major Related Article:
K16941
The ECA process may produce a core file when processing HTTP headers. As a result of this issue, you may encounter one or more of the following symptoms: In the /var/log/apm file, you may observe log messages similar to the following example: notice eca[20847]: 01620010:5: ** SIGSEGV ** notice eca[20847]: 01620010:5: fault time: < date > The ECA process generates a core file in the /var/core directory.
The ECA process temporarily stops processing traffic and then restarts.
This issue occurs when all of the following conditions are met: -- The BIG-IP APM system is configured with the ECA log level of debug. -- The ECA process receives and attempts to process an HTTP cookie header, where the cookie value is greater than 1023 characters.
Do not enable the debugging log. To work around this issue, you can revert the log level setting for the ECA (log.eca.level) process back to the default of Notice. To do so, perform the following procedure: Impact of workaround: Debug logging is disabled for the ECA process. Log in to the Traffic Management Shell (tmsh) by typing the following command: tmsh Type the following command: modify /sys db log.eca.level value Notice Save the configuration change by typing the following command: save /sys config To exit the tmsh utility, type the following command: quit
ECA can properly handle HTTP cookie header longer than 1023 characters when log level is set to debug.
