So, basically - SCTP FSM is broken in SRX branch and we cannot use this box for our SCTP-based applications. With all-allow policies the traffic doesn't get through due to failing state machine/alg? Here is another example:
Aug 5 11:45:48 11:45:48.574538:CID-1:RT: flow_first_in_dst_nat: in <gr-0/0/0.0>, out <N/A> dst_adr 192.168.130.68, sp 5114, dp 65027
Aug 5 11:45:48 11:45:48.574538:CID-1:RT: chose interface gr-0/0/0.0 as incoming nat if.
Aug 5 11:45:48 11:45:48.574538:CID-1:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 192.168.130.68(65027)
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 172.16.14.17, x_dst_ip 192.168.130.68, in ifp gr-0/0/0.0, out ifp N/A sp 5114, dp 65027, ip_proto 132, tos 0
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:Doing DESTINATION addr route-lookup
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:flow_ipv4_rt_lkup success 192.168.130.68, iifl 0x5d, oifl 0x4c
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: routed (x_dst_ip 192.168.130.68) from r-site14 (gr-0/0/0.0 in 0) to ge-0/0/4.301, Next-hop: 192.168.159.2
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:flow_first_policy_search: policy search from zone r-site14-> zone SIGNAL (0x0,0x13fafe03,0xfe03)
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:Policy lkup: vsys 0 zone(21:r-site14) -> zone(13:SIGNAL) scope:0
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: 172.16.14.17/5114 -> 192.168.130.68/65027 proto 132
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: policy has app_id 83
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: app 83, timeout 1800s, curr ageout 1800s
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: permitted by policy iub(76)
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: packet passed, Permitted by policy.
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed: False
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:flow_first_src_xlate: incoming src port is : 5114.
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False.
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: dip id = 0/0, 172.16.14.17/5114->172.16.14.17/5114 protocol 0
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: choose interface ge-0/0/4.301(P2P) as outgoing phy if
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:is_loop_pak: No loop: on ifp: ge-0/0/4.301, addr: 192.168.130.68, rtt_idx:0
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: check nsrp pak fwd: in_tun=0x5d, VSD 0 for out ifp ge-0/0/4.301
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: vsd 0 is active
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:-jsf : Alloc sess plugin info for session 992137575740
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:[JSF]Normal interest check. regd plugins 28, enabled impl mask 0x0
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:ha_ifp: ge-0/0/4.301
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:+++++++++++jsf_test_plugin_data_evh: 3
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:[JSF]Plugins(0x0, count 0) enabled for session = 992137575740, impli mask(0x0), post_nat cnt 0 svc req(0x61420d28)
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:-jsf : no plugin interested for session 992137575740, free sess plugin info
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:[JSF]Releasing plugin info blocks
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: service lookup identified service 83.
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: flow_first_final_check: in <gr-0/0/0.0>, out <ge-0/0/4.301>
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:In flow_first_complete_session
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:flow_first_complete_session, pak_ptr: 0x51048bc8, nsp: 0x59897640, in_tunnel: 0x56a31d30
Aug 5 11:45:48 11:45:48.574736:CID-1:RT:construct v4 vector for nsp2 and nsp
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: existing vector list 0x10024-0x4ae3d520.
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: existing vector list 0x10024-0x4ae3d520.
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: Session (id:130364) created for first pak 10024
Aug 5 11:45:48 11:45:48.574932:CID-1:RT:first pak processing successful
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: flow_first_install_session======> 0x59897640
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: nsp 0x59897640, nsp2 0x598976d0
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: make_nsp_ready_no_resolve()
Aug 5 11:45:48 11:45:48.574932:CID-1:RT:flow_ipv4_rt_lkup success 172.16.14.17, iifl 0x5d, oifl 0x5d
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: route lookup: dest-ip 172.16.14.17 orig ifp gr-0/0/0.0 output_ifp gr-0/0/0.0 orig-zone 21 out-zone 21 vsd 0
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: route to 172.16.14.17
Aug 5 11:45:48 11:45:48.574932:CID-1:RT:ha_ifp: ge-0/0/4.301
Aug 5 11:45:48 11:45:48.574932:CID-1:RT:Conflict session (137881) is VALID state
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: packet dropped, failed to install nsp2
Aug 5 11:45:48 11:45:48.574932:CID-1:RT:failed to install nsp2
Aug 5 11:45:48 11:45:48.574932:CID-1:RT:first path session installation failed
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: flow find session returns error.
Aug 5 11:45:48 11:45:48.574932:CID-1:RT:flow_process_pkt_exception: Freeing lpak 0x51048bc8 associated with mbuf 0x43103200
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: ----- flow_process_pkt rc 0x7 (fp rc 0)
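
A triage helper for flow traces like the one above, added here as an example and not part of the original post: it splits a trace into entries (even when they have been pasted onto one line) and pulls out the flow tuple, policy verdict, conflicting session id and drop reason. The function names, the choice of fields and the `permit_then_drop` flag are assumptions of this example.

```python
import re

# Entries copied from the trace in this post (abridged to the lines the parser keys on).
TRACE = """\
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: 172.16.14.17/5114 -> 192.168.130.68/65027 proto 132
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: permitted by policy iub(76)
Aug 5 11:45:48 11:45:48.574736:CID-1:RT: Session (id:130364) created for first pak 10024
Aug 5 11:45:48 11:45:48.574932:CID-1:RT:Conflict session (137881) is VALID state
Aug 5 11:45:48 11:45:48.574932:CID-1:RT: packet dropped, failed to install nsp2
"""

# Every entry starts with "<Mon> <day> <hh:mm:ss> <hh:mm:ss.usec>:CID-<n>:RT:".
ENTRY = re.compile(r"[A-Z][a-z]{2} +\d+ [\d:]{8} ([\d:]{8}\.\d+):CID-\d+:RT:")

PATTERNS = {
    "flow": re.compile(r"^(\S+)/(\d+) -> (\S+)/(\d+) proto (\d+)$"),
    "policy": re.compile(r"^permitted by policy (\S+)\((\d+)\)$"),
    "new_session": re.compile(r"^Session \(id:(\d+)\) created"),
    "conflict": re.compile(r"^Conflict session \((\d+)\) is (\w+) state"),
    "drop": re.compile(r"^packet dropped, (.+)$"),
}

def split_entries(text):
    """Return (timestamp, message) pairs; works on one-entry-per-line or run-together text."""
    marks = list(ENTRY.finditer(text))
    out = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        out.append((m.group(1), text[m.end():end].strip()))
    return out

def summarize(text):
    """Collect the fields that matter for a 'permitted but dropped' first-packet trace."""
    summary = {}
    for _ts, msg in split_entries(text):
        for key, rx in PATTERNS.items():
            m = rx.match(msg)
            if m:
                summary[key] = m.groups()
    # A permit followed by a drop means the loss happened after the policy lookup.
    summary["permit_then_drop"] = "policy" in summary and "drop" in summary
    return summary

if __name__ == "__main__":
    for field, value in summarize(TRACE).items():
        print(f"{field:18} {value}")
```

On this trace the summary shows the packet permitted by policy `iub(76)` and then dropped while installing the new session, with existing session 137881 reported as the conflict.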