Comment 2 for bug 1466135

Apologies for the delay on this, I've been travelling. Thanks Chris & others for following up. We've locally cherry-picked this patch and confirmed it fixes our issue, happy to test again with an official deb if someone can point me at that.

Local reproduction instructions:
- Install Ubuntu 14.04.[01] (kernel 3.13.0-40-generic)
- Get docker image that includes OVS dependencies
- Build openvswitch from https://github.com/justinpettit/ovs/tree/conntrack
- Instructions to build here: https://github.com/justinpettit/ovs/blob/conntrack/INSTALL.Debian.md
- Install and load openvswitch module on host. (dpkg -i *.deb, modprobe openvswitch)

In one shell:
# ip addr add dev docker0 192.168.0.2/24; ping 192.168.0.1
(leave running)

In another shell, assumes $PWD contains openvswitch debs and repro script from below:
$ docker run -i -t --entrypoint=bash --privileged=true -v $PWD:/host <docker image with OVS deps>
$ cd /host; ./repro.sh 192.168.0.1
(wait until first shell shows that pings are flowing)
$ ovs-ofctl dump-flows br0
(should show two flows, each which are getting traffic. One has actions=ct(commit,recirc))
$ conntrack -L
(Optional; can see the ICMP connection listed)

Now:
- Press Ctrl+D to exit the container. It is a little slow to exit.
- Subsequent container starts or "ip netns add foo" will hang.

$ cat repro.sh
#!/bin/bash

IP=$1

cd /host
dpkg -i openvswitch-common*deb openvswitch-switch*deb

service openvswitch-switch restart
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0

ip link set dev br0 up
ip addr add dev br0 $IP/24
ip addr

ovs-ofctl add-flow br0 "conn_state=-trk,ip actions=ct(commit,recirc)"