Bug ID 640352: Connflow can be leaked when DHCP proxy in forwarding mode with giaddr set in DHCP renewal packet

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP PEM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 13.0.0

Fixed In:
13.1.0, 13.0.0 HF1, 12.1.2 HF1

Opened: Jan 19, 2017
Severity: 2-Critical
Related AskF5 Article:
K01000259

Symptoms

Connflow entry memory are leaked when BIG-IP DHCP proxy is configured in forwarding mode and the DHCP relay agent between the DHCP client and the BIG-IP system sets giaddr field to itself after connflows created are aged out in a particular order.

Impact

Some connflows are not freed. Memory leak occurs. Eventually memory is exhausted.

Conditions

1) BIG-IP DHCP proxy is configured in forwarding mode. 2) DHCP relay agent sits between the DHCP client and the BIG-IP system sets giaddr field in DHCP renewal packet to itself (this has been observed in Cisco devices), so that DHCP renewal packet will be sent to a relay agent by DHCP servers. 3) Connflow created to giaddr(relay agent) ages out before connflows created to DHCP clients.

Workaround

None.

Fix Information

Ref count handing for giaddr connflows are now decremented when the client side connflow is removed, preventing the memory leak.

Behavior Change