Bug ID 719600: TCP::collect iRule with L7 policy present may result in connection reset

Last Modified: May 07, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 14.0.0, 14.0.0.1, 14.0.0.2

Fixed In:
14.1.0, 14.0.0.3, 13.1.1.2

Opened: May 10, 2018
Severity: 3-Major

Symptoms

If an iRule utilizing TCP::collect and HTTP_REQUEST is on a virtual server with an L7 policy, the policy engine may cause the connection to be unexpectedly reset with a 'policy execution error' reset cause, and 'Unable to resume pending policy event on connflow' will be logged to /var/log/ltm.

Impact

Connections may be unexpectedly reset and errors logged to /var/log/ltm.

Conditions

TCP::collect and HTTP_REQUEST iRule with L7 policy on virtual server.

Workaround

At the start of the HTTP_REQUEST event, issue an 'after 1' command to allow the policy engine to reach a consistent state before proceeding with the remainder of the iRule.

Fix Information

None

Behavior Change