Cisco Bug: CSCsz32590 - Very big flex-content-filter cannot be inserted
Feb 22, 2014
- Cisco Guard DDoS Mitigation Appliances
Known Affected Releases
5.1(6) 6.0(10) 6.1(5)
Symptom: Flex-content-filter cannot be inserted. Failure message: Internal system error during Flex-Content filter configuration Error adding flex-content-filter Log messages: Apr 17 10:47:46 127.1.0.0 IS: Programming Error: regex_filter_preproc was called with (tbl_size < token_size) Apr 17 10:47:46 127.1.0.0 IS: Regex preprocessing indicates some error Apr 17 10:47:46 127.1.0.0 IS: IOCTL: couldnt register filter Sometimes also accelerator card failure may occur after several failures to insert filter because it is too long (causes device reload) Conditions: Flex-content-filter is too long. There are many ".*" strings in it. Example (for blade) flex-content-filter 104 enabled drop 0 0 expression "" pattern "a.*b.*c.*d.*e.*f.*g.*h.*i.*j.*k.*l.*m" For appliances the failure will occur if the flex-content-filter is longer.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases