Bug ID 603755: dwbld core dump when Auto Blacklisting is configured, in a rare scenario

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6

Fixed In:
13.0.0, 12.1.3.7

Opened: Jul 08, 2016
Severity: 2-Critical

Symptoms

The dynamic white/black daemon (dwbld) (a Control Plane daemon that supports the AFM IP intelligence feature) generates a core when processing an Auto Blacklisting Entry addition by TMM, when attack traffic causes a blacklist entry to be added. The problem happens in a rare scenario when dwbld and tmm are out of sync with respect to category names. This might happen for a very short window when configuration changes are made to Blacklist Categories (such as adding or removing a category).

Impact

dwbld crashes and restarts. No significant impact, as after restart, the dwbld should work properly.

Conditions

-- DoS Auto Blacklisting feature enabled. -- Attack traffic generates an Auto Blacklist IP address entry. -- Configuration change to Blacklist Category occurs at the same time.

Workaround

None.

Fix Information

The release adds handling for the case in which dwbld is not up-to-date with configuration changes to Blacklist Categories when it simultaneously receives an Auto Blacklist Entry.

Behavior Change