Bug ID 530877: TCP profile option Verified Accept might cause iRule processing to run twice in very specific circumstances.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1

Fixed In:
13.0.0, 12.1.3.2, 11.6.3, 11.5.9

Opened: Jul 01, 2015
Severity: 4-Minor
Related Article:
K13887095

Symptoms

A specific combination of configuration options might cause iRule processing to run the CLIENT_ACCEPTED event twice. If the iRule contains a suspending command, the system may eventually stop accepting connections to any TCP virtual servers with that have the Verified Accept option enabled.

Impact

Depending on the scenario, this might: - Result in the specific connection being reset. - Eventually result in TMM being unable to process any further connections to virtual servers with Verified Accept enabled.

Conditions

This occurs when all of the following conditions are met: - Standard Virtual Server is configured. - Virtual Server is configured with a TCP profile in which Verified Accept is enabled. - Client sends the initial data to be sent on the ACK of the three-way-handshake.

Workaround

You can use the following workarounds: - Disable Verified Accept in the TCP profile. - Modify the iRule to run the commands in the CLIENT_ACCEPTED event once, by setting a variable and checking whether the variable has been set on subsequent runs.

Fix Information

The BIG-IP system now correctly processes initial data on the ACK of a three-way handshake when used with Verified Accept so iRule processing does not run the CLIENT_ACCEPTED event twice.

Behavior Change