[ovs-dev] Conntrack with SCTP: +est is never reached.

Marcelo Ricardo Leitner mleitner at redhat.com
Thu Mar 19 21:10:53 UTC 2020


On Thu, Mar 19, 2020 at 02:30:14PM -0400, Tim Rozet wrote:
> In addition I can see in my setup that conntrack and ovs-dpctl all the
> states are established:
> sctp,orig=(src=169.254.33.1,dst=169.254.33.2,sport=38982,dport=31769),reply=(src=10.244.0.5,dst=169.254.33.1,sport=62324,dport=38982),zone=9,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
> sctp,orig=(src=169.254.33.1,dst=169.254.33.2,sport=38982,dport=31769),reply=(src=169.254.33.2,dst=169.254.33.1,sport=31769,dport=38982),protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
> sctp,orig=(src=169.254.33.1,dst=10.244.0.5,sport=38982,dport=62324),reply=(src=10.244.0.5,dst=100.64.0.1,sport=62324,dport=38982),zone=8,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
> sctp,orig=(src=100.64.0.1,dst=10.244.0.5,sport=38982,dport=62324),reply=(src=10.244.0.5,dst=100.64.0.1,sport=62324,dport=38982),zone=15,protoinfo=(state=ESTABLISHED,vtag_orig=3615038536,vtag_reply=554870550)
> 
> At this point the connection is open and only heartbeats and HB Acks are
> being sent. However, if I poll ovs-dpctl dump-flows, the only flow I see
> with sctp get hit every few seconds with 1 packet is:
> recirc_id(0x1c),in_port(3),ct_state(+new-est-rel-rpl-inv+trk),ct_label(0/0x1),eth(),eth_type(0x0800),ipv4(dst=169.254.33.2,proto=132,frag=no),sctp(dst=31769),
> packets:1, bytes:98, used:3.885s, actions:hash(l4(0)),recirc(0xfd)
> 
> Notice the match contains "+new" but there is no new session here. I'm
> using openvswitch-2.12.0-1.fc31.x86_64.

Not saying that that's the reason, but to have in mind, heartbeats can
create new conntrack entries. That's how it (conntrack) supports
SCTP's multihoming.

  Marcelo



More information about the dev mailing list