Bug ID 458450: The ECA process may produce a core file when processing HTTP headers

Last Modified: Mar 12, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.3.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6

Opened: Apr 23, 2014
Severity: 3-Major
Related AskF5 Article:
K16941

Symptoms

The ECA process may produce a core file when processing HTTP headers. As a result of this issue, you may encounter one or more of the following symptoms: In the /var/log/apm file, you may observe log messages similar to the following example: notice eca[20847]: 01620010:5: ** SIGSEGV ** notice eca[20847]: 01620010:5: fault time: < date > The ECA process generates a core file in the /var/core directory.

Impact

The ECA process temporarily stops processing traffic and then restarts.

Conditions

This issue occurs when all of the following conditions are met: -- The BIG-IP APM system is configured with the ECA log level of debug. -- The ECA process receives and attempts to process an HTTP cookie header, where the cookie value is greater than 1023 characters.

Workaround

Do not enable the debugging log. To work around this issue, you can revert the log level setting for the ECA (log.eca.level) process back to the default of Notice. To do so, perform the following procedure: Impact of workaround: Debug logging is disabled for the ECA process. Log in to the Traffic Management Shell (tmsh) by typing the following command: tmsh Type the following command: modify /sys db log.eca.level value Notice Save the configuration change by typing the following command: save /sys config To exit the tmsh utility, type the following command: quit

Fix Information

ECA can properly handle HTTP cookie header longer than 1023 characters when log level is set to debug.

Behavior Change