Bug ID 512618: Continuous "Invalid sadb message" upon issuing "racoonctl -l show-sa esp"

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2

Fixed In:
12.1.0, 11.5.4

Opened: Mar 16, 2015
Severity: 3-Major

Symptoms

The racoonctl utility is not designed to display a large number of SAs, and it displays "Invalid sadb message" continuously.

Impact

"Invalid sadb message" is displayed continuously upon issuing "racoonctl -l show-sa esp", and the racoonctl utility does not work.

Conditions

The system has a large number of IPsec SAs.

Workaround

Use TMSH instead. The command "tmsh show net ipsec ipsec-sa" provides more accurate IPsec security association information.

Fix Information

This change should allow a user to retrieve SAs based on specific addresses using the racoonctl utility.

Behavior Change