Bug ID 993269: DoS timestamp cookies are incompatible with FastL4 TCP timestamp rewrite option

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5

Fixed In:
17.0.0, 16.1.4, 15.1.9

Opened: Feb 11, 2021

Severity: 2-Critical

Symptoms

Using DoS timestamp cookies together with a FastL4 profile with the timestamp rewrite option enabled might lead to traffic failures. DoS timestamp cookies might also lead to problems with traffic generated by the Linux host.

Impact

Traffic is dropped due to incorrect timestamps.

Conditions

-- DoS timestamp cookies are enabled, and either of the following: -- FastL4 profile with the timestamp rewrite option enabled. -- Traffic originating from Linux host.

Workaround

Disable timestamp cookies on the affected VLAN.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips