Bug ID 993269: DoS timestamp cookies are incompatible with FastL4 TCP timestamp rewrite option

Last Modified: Jul 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0

Opened: Feb 11, 2021
Severity: 2-Critical

Symptoms

Using DoS timestamp cookies together with a FastL4 profile with the timestamp rewrite option enabled might lead to traffic failures. DoS timestamp cookies might also lead to problems with traffic generated by the Linux host.

Impact

Traffic is dropped due to incorrect timestamps.

Conditions

-- DoS timestamp cookies are enabled, and either of the following: -- FastL4 profile with the timestamp rewrite option enabled. -- Traffic originating from Linux host.

Workaround

Disable timestamp cookies on the affected VLAN.

Fix Information

None

Behavior Change