Bug ID 570058: [IPsec] tmm crash 'invalid racoon2 block header prefix' at informational_initiator_transmit_post_process

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Jan 26, 2016
Severity: 3-Major

Symptoms

During IPsec configuration changes, an IKEv2 message may fail to be sent to the peer, and the packet memory could be release twice that causes segmentation fault crash in TMM.

Impact

Traffic disrupted while tmm restarts.

Conditions

IPsec configuration changes, and IKEv2 tries to send message to the disconnected remote peer.

Workaround

The situation is rare, and mostly caused by rapid IPsec configuration changes to traffic-selectors or ipsec-policies. Pacing the configuration changes apart in time will help avoid the situation.

Fix Information

The double-release of the packet memory for the IKEv2 message has been fixed so that the rare sequence of IPsec configuration change does not cause TMM core.

Behavior Change