Bug ID 745923: Connection flow collision can cause packets to be sent with source and/or destination port 0

Last Modified: Jun 01, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3

Fixed In:
15.1.0, 14.1.2.5

Opened: Oct 04, 2018
Severity: 3-Major

Symptoms

Symptoms vary based on traffic impacted: Virtual server may reset a connection with the source and/or destination port set to 0 when the client sends an ACK after a 4-way close UDP traffic to virtual server with UDP profile immediate timeout configured or datagram load-balancing can collide with existing connections and be incorrectly sent with source and/or destination port 0.

Impact

Virtual server performs an incorrect reset with source or destination port 0, or UDP proxy traffic is sent incorrectly with source and/or destination port 0.

Conditions

-- Conditions to trigger this issue with TCP traffic: - 3-way handshake initiated by client to virtual server. - Client actively closing the connection - 4-way close. - Client continues to send ACK after 4-way close. -- Conditions to trigger this issue with UDP traffic: - UDP profile has timeout immediate configured or datagram load-balancing. - UDP packet arrives that matches an expiring but still-present connection. -- Provisioned for AFM.

Workaround

None.

Fix Information

Connection flow collision no longer causes packets to be sent from source port 0.

Behavior Change