Automatic helper assignment was disabled in Linux 4.7 or later, in
upstream commit 3bb398d925ec ("netfilter: nf_ct_helper: disable
automatic helper assignment").Signed-off-by: Joe Stringer <[email protected]> --- Documentation/faq/openflow.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Documentation/faq/openflow.rst b/Documentation/faq/openflow.rst index d31bbef96c81..632f8e7190da 100644 --- a/Documentation/faq/openflow.rst +++ b/Documentation/faq/openflow.rst @@ -535,3 +535,17 @@ Q: The "learn" action can't learn the action I want, can you improve it? - At least some of the features described in T. A. Hoff, "Extending Open vSwitch to Facilitate Creation of Stateful SDN Applications". +Q: When using the "ct" action with FTP connections, it doesn't seem to matter +if I set the "alg=ftp" parameter in the action. Is this required? + + A: Before Linux 4.7, automatic helper assignment was enabled by default. + This means is that even if you do not specify ALGs, the traffic will be put + through that ALG. In such cases, it is possible to construct OpenFlow + tables using conntrack actions that are missing the FTP option, and the + conntrack action will still track that FTP connection and correlate its + sessions. When using kernels 4.7 or higher, or if the "nf_conntrack_helper" + sysctl is disabled, you should always specify the alg option for FTP + control connections. + + For more context, see the blog post from the netfilter team: + http://www.netfilter.org/news.html#2012-04-03 -- 2.10.2 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
