Bug ID 698333: TMM core upon matching a past (saved) dynamic signature of a specific family (network or dns) after the dynamic signature is disabled for that family on the parent context (but still enabled for other families)

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1

Fixed In:
14.0.0, 13.1.1.2

Opened: Dec 11, 2017
Severity: 2-Critical
Related AskF5 Article:
K43392052

Symptoms

TMM would core upon matching a past (saved) dynamic signature of a specific family (network or dns) after the dynamic signature is disabled for that family on the parent context (but still enabled for other families).

Impact

Traffic interruption due to TMM restart. Traffic disrupted while tmm restarts.

Conditions

This occurs in the following scenario: -- Enable Network and DNS BDOS simultaneously (on DoS Device config). -- Generate dynamic signature that has both network and DNS metrics. -- Wait for signature to be moved to 'past' (persist) state. -- Disable either network or DNS BDOS (but not both). -- TMM cores if the traffic matches this signature.

Workaround

There is no workaround at this time.

Fix Information

In this release, if the dynamic signature is disabled for a specific family on a parent context (but not disabled for other family on that context), any past attack signature for the context is now deleted from the system.

Behavior Change