On Mon, Dec 12, 2016 at 11:16:50AM -0800, Joe Stringer wrote:
> Automatic helper assignment was disabled in Linux 4.7 or later, in
> upstream commit 3bb398d925ec ("netfilter: nf_ct_helper: disable
> automatic helper assignment").
>
> Signed-off-by: Joe Stringer <[email protected]>
> ---
> Documentation/faq/openflow.rst | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/Documentation/faq/openflow.rst b/Documentation/faq/openflow.rst
> index d31bbef96c81..632f8e7190da 100644
> --- a/Documentation/faq/openflow.rst
> +++ b/Documentation/faq/openflow.rst
> @@ -535,3 +535,17 @@ Q: The "learn" action can't learn the action I want, can
> you improve it?
> - At least some of the features described in T. A. Hoff, "Extending Open
> vSwitch to Facilitate Creation of Stateful SDN Applications".
>
> +Q: When using the "ct" action with FTP connections, it doesn't seem to matter
> +if I set the "alg=ftp" parameter in the action. Is this required?
> +
> + A: Before Linux 4.7, automatic helper assignment was enabled by default.
> + This means is that even if you do not specify ALGs, the traffic will be
> put
> + through that ALG. In such cases, it is possible to construct OpenFlow
> + tables using conntrack actions that are missing the FTP option, and the
> + conntrack action will still track that FTP connection and correlate its
> + sessions. When using kernels 4.7 or higher, or if the
> "nf_conntrack_helper"
> + sysctl is disabled, you should always specify the alg option for FTP
> + control connections.
> +
> + For more context, see the blog post from the netfilter team:
> + http://www.netfilter.org/news.html#2012-04-03
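Review bot: The second sentence of the new answer reads "This means is that even if you do not specify ALGs"; drop the stray "is". The closing advice is also conditional ("When using kernels 4.7 or higher, or if the "nf_conntrack_helper" sysctl is disabled"), which leaves a flow table's FTP tracking dependent on a host setting the table author may not control. Consider recommending that the alg option always be specified for FTP control connections, and showing one "ct" action with "alg=ftp" so readers can see the form.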
This is nice but what about also documenting it alongside the option
itself, e.g. add this:
diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in
index af1eb2b..0be4e0c 100644
--- a/utilities/ovs-ofctl.8.in
+++ b/utilities/ovs-ofctl.8.in
@@ -1839,8 +1839,10 @@ tracker with the \fBtable\fR specified.
The \fBcommit\fR parameter must be specified to use \fBexec(...)\fR.
.
.IP \fBalg=\fIalg\fR
-Specify application layer gateway \fIalg\fR to track specific connection
-types. Supported types include:
+With Linux kernels before 4.7, automatic helper assignment was enabled
+by default and this option has no effect. With later kernels, this
+option enables particular application level gateway \fIalg\fR. Supported
+\fIalg\fR types include:
.RS
.IP \fBftp\fR
Look for negotiation of FTP data connections. If a subsequent FTP data
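Review bot: In the rewritten \fBalg=\fIalg\fR paragraph, "this option has no effect" on kernels before 4.7 is stronger than the FAQ entry in the patch under review, which says the alg option is also needed "if the "nf_conntrack_helper" sysctl is disabled". Qualify the sentence with that sysctl so the two documents agree. The new text also switches from the removed wording "application layer gateway" to "application level gateway" and drops the article in "enables particular application level gateway"; keep the original term and write "enables the application layer gateway \fIalg\fR".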
Acked-by: Ben Pfaff <[email protected]>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev