[ovs-dev] Conntrack with SCTP: +est is never reached.

Marcelo Ricardo Leitner mleitner at redhat.com
Thu Mar 19 21:10:53 UTC 2020

On Thu, Mar 19, 2020 at 02:30:14PM -0400, Tim Rozet wrote:
> In addition I can see in my setup that conntrack and ovs-dpctl all the
> states are established:
> sctp,orig=(src=,dst=,sport=38982,dport=31769),reply=(src=,dst=,sport=62324,dport=38982),zone=9,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
> sctp,orig=(src=,dst=,sport=38982,dport=31769),reply=(src=,dst=,sport=31769,dport=38982),protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
> sctp,orig=(src=,dst=,sport=38982,dport=62324),reply=(src=,dst=,sport=62324,dport=38982),zone=8,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
> sctp,orig=(src=,dst=,sport=38982,dport=62324),reply=(src=,dst=,sport=62324,dport=38982),zone=15,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
> At this point the connection is open and only heartbeats and HB Acks are
> being sent. However, if I poll ovs-dpctl dump-flows, the only flow I see
> with sctp get hit every few seconds with 1 packet is:
> recirc_id(0x1c),in_port(3),ct_state(+new-est-rel-rpl-inv+trk),ct_label(0/0x1),eth(),eth_type(0x0800),ipv4(dst=,proto=132,frag=no),sctp(dst=31769),
> packets:1, bytes:98, used:3.885s, actions:hash(l4(0)),recirc(0xfd)
> Notice the match contains "+new" but there is no new session here. I'm
> using openvswitch-2.12.0-1.fc31.x86_64.

Not saying that that's the reason, but to have in mind, heartbeats can
create new conntrack entries. That's how it (conntrack) supports
SCTP's multihoming.
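
An added example, not part of the original message or of Open vSwitch: a Python sketch that parses the conntrack entries and the datapath flow quoted above, groups the entries by verification-tag pair (used here as a heuristic for "same SCTP association"), and reports whether the flow matches `+new` while every tracked entry is ESTABLISHED. The function names are hypothetical, and a missing `zone=` field is assumed to mean the default zone 0.

```python
import re
from collections import defaultdict

# Sample input copied from the quoted message (addresses are blank there too).
CT_DUMP = """\
sctp,orig=(src=,dst=,sport=38982,dport=31769),reply=(src=,dst=,sport=62324,dport=38982),zone=9,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
sctp,orig=(src=,dst=,sport=38982,dport=31769),reply=(src=,dst=,sport=31769,dport=38982),protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
sctp,orig=(src=,dst=,sport=38982,dport=62324),reply=(src=,dst=,sport=62324,dport=38982),zone=8,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
sctp,orig=(src=,dst=,sport=38982,dport=62324),reply=(src=,dst=,sport=62324,dport=38982),zone=15,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
"""
FLOW = ("recirc_id(0x1c),in_port(3),ct_state(+new-est-rel-rpl-inv+trk),"
        "ct_label(0/0x1),eth(),eth_type(0x0800),ipv4(dst=,proto=132,frag=no),"
        "sctp(dst=31769), packets:1, bytes:98, used:3.885s, "
        "actions:hash(l4(0)),recirc(0xfd)")

CT_RE = re.compile(
    r"^sctp,orig=\((?P<orig>[^)]*)\),reply=\((?P<reply>[^)]*)\),"
    r"(?:zone=(?P<zone>\d+),)?"
    r"protoinfo=\(state=(?P<state>\w+),"
    r"vtag_orig=(?P<vo>\d+),vtag_reply=(?P<vr>\d+)\)$")

def parse_conntrack(dump):
    """Group SCTP entries by (vtag_orig, vtag_reply)."""
    groups = defaultdict(list)
    for line in dump.splitlines():
        m = CT_RE.match(line.strip())
        if not m:
            continue  # not an SCTP entry in the expected layout
        groups[(int(m["vo"]), int(m["vr"]))].append({
            "zone": int(m["zone"] or 0),  # assumption: no zone= means zone 0
            "state": m["state"], "orig": m["orig"], "reply": m["reply"]})
    return dict(groups)

def ct_state_flags(flow):
    """Return {flag: bool} for the ct_state(...) match of a datapath flow."""
    m = re.search(r"ct_state\(([^)]*)\)", flow)
    if not m:
        return {}
    return {name: sign == "+" for sign, name in re.findall(r"([+-])(\w+)", m.group(1))}

def new_despite_established(dump, flow):
    """True when the flow matches +new-est but every entry is ESTABLISHED."""
    flags = ct_state_flags(flow)
    entries = [e for g in parse_conntrack(dump).values() for e in g]
    all_est = bool(entries) and all(e["state"] == "ESTABLISHED" for e in entries)
    return flags.get("new", False) and not flags.get("est", False) and all_est

if __name__ == "__main__":
    for vtags, entries in parse_conntrack(CT_DUMP).items():
        print(vtags, sorted(e["zone"] for e in entries))
    print("flow +new while entries ESTABLISHED:", new_despite_established(CT_DUMP, FLOW))
```

All four quoted entries land in one group because they carry the same vtag pair, which is also what an additional entry created by a heartbeat on another path of the same association would show.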


