Forum Discussion
LillyM_9417
Jul 18, 2012Altostratus
FIN packet
Hello,
We are using this irule to send the client request (who is ready to send its data) to servers.
This irule does not help us to block the following situation.
- when a client complete 3-way handshake but does not send any data then send FIN packet.
In that time, something happen like this, "F5 assumes that the last FIN packet is a data and forward this client request to the server"
How can we prevent from this problem?
===========
when CLIENT_ACCEPTED {
TCP::collect 8
}
when CLIENT_DATA {
set pay1 [TCP::payload 8]
binary scan $pay1 IA4 len1 trn1
}
================
- nitassEmployeenot sure if mblb profile is helpful.
[root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:80 ip protocol 6 profiles { mblb {} tcp {} } } [root@ve10:Active] config b pool foo list pool foo { members 200.200.200.101:80 {} } normal traffic i.e. curl -I http://172.28.19.79 [root@ve10:Active] config tcpdump -nni 0.0 port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes 05:45:12.106760 IP 172.28.19.251.41004 > 172.28.19.79.80: S 425780967:425780967(0) win 5840 05:45:12.106791 IP 172.28.19.79.80 > 172.28.19.251.41004: S 4020758279:4020758279(0) ack 425780968 win 4380 05:45:12.107662 IP 172.28.19.251.41004 > 172.28.19.79.80: . ack 1 win 46 05:45:12.107681 IP 172.28.19.251.41004 > 172.28.19.79.80: P 1:156(155) ack 1 win 46 05:45:12.107735 IP 200.200.200.10.41004 > 200.200.200.101.80: S 1387963131:1387963131(0) win 4380 05:45:12.108692 IP 200.200.200.101.80 > 200.200.200.10.41004: S 434734169:434734169(0) ack 1387963132 win 5792 05:45:12.108702 IP 200.200.200.10.41004 > 200.200.200.101.80: . ack 1 win 4380 05:45:12.108708 IP 200.200.200.10.41004 > 200.200.200.101.80: P 1:156(155) ack 1 win 4380 05:45:12.109599 IP 200.200.200.101.80 > 200.200.200.10.41004: . ack 156 win 54 05:45:12.110836 IP 200.200.200.101.80 > 200.200.200.10.41004: P 1:280(279) ack 156 win 54 05:45:12.110850 IP 172.28.19.79.80 > 172.28.19.251.41004: P 1:280(279) ack 156 win 4535 05:45:12.111745 IP 172.28.19.251.41004 > 172.28.19.79.80: . ack 280 win 54 05:45:12.112685 IP 172.28.19.251.41004 > 172.28.19.79.80: F 156:156(0) ack 280 win 54 05:45:12.112713 IP 172.28.19.79.80 > 172.28.19.251.41004: . ack 157 win 4535 05:45:12.112717 IP 200.200.200.10.41004 > 200.200.200.101.80: F 156:156(0) ack 280 win 4659 05:45:12.113715 IP 200.200.200.101.80 > 200.200.200.10.41004: F 280:280(0) ack 157 win 54 05:45:12.113727 IP 200.200.200.10.41004 > 200.200.200.101.80: . ack 281 win 4659 fin packet i.e. telnet 172.28.19.79 80 and then quit (^] and quit) [root@ve10:Active] config tcpdump -nni 0.0 port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes 05:45:39.709785 IP 172.28.19.251.41005 > 172.28.19.79.80: S 2174834412:2174834412(0) win 5840 05:45:39.709850 IP 172.28.19.79.80 > 172.28.19.251.41005: S 1431148460:1431148460(0) ack 2174834413 win 4380 05:45:39.710797 IP 172.28.19.251.41005 > 172.28.19.79.80: . ack 1 win 46 05:45:41.408859 IP 172.28.19.251.41005 > 172.28.19.79.80: F 1:1(0) ack 1 win 46 05:45:41.408890 IP 172.28.19.79.80 > 172.28.19.251.41005: . ack 2 win 4380
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects