Bug ID 751924: TSO packet bit fails IPsec during ESP encryption

Last Modified: Jan 07, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 15.0.0, 15.0.1, 15.0.1.1

Fixed In:
15.1.0

Opened: Dec 05, 2018
Severity: 2-Critical

Symptoms

Internal error when an unexpected packet bit for TCP segment offload manages to reach crypto code for ESP in IPsec, when this is not expected.

Impact

Traffic disrupted while tmm restarts.

Conditions

Traffic passing through ESP encapsulation for an IPsec tunnel when the TSO bit (for TcpSegmentationOffload) is set on the packet involved.

Workaround

None.

Fix Information

Now we ensure the TSO bit is cleared, so it doesn't cause ESP crypto code to fail, when it cannot be handled correctly.

Behavior Change