[ovs-dev] Using conntrack ALGs other than FTP

Ben Warren ben at skyportsystems.com
Mon Apr 11 04:02:25 UTC 2016


Hi,

I’d like to use ALGs other than FTP (TFTP, and another one that I’m writing) and see several barriers in OVS that appear to be mostly artificial.
Here’s my understanding - please correct where necessary:

• the command-line parser will only allow “alg=ftp”, and if this is found it encodes FTP’s control port (21) in the OF message.
• there’s some code in ‘lib/ofp-actions.c’ that seems to allow use of other ports: ‘format_alg()’, but it doesn’t seem to be used anywhere.
• the code where the netlink message to the kernel is constructed (‘put_connhelper()’ in ofproto-dpif-xlate.c) converts the numeric 21, if found, into the string “ftp” and sends it to the kernel, and has an error for any other value.
• kernel code takes the string and does a lookup of registered conntrack helpers based on name.

I assume only FTP is allowed because it’s common and easy to test?  I don’t understand why there’s the intermediate numeric translation, since both ends (command line and kernel code) work with a string.  Why not allow an arbitrary string (with a length limit) to go all the way through?  Is the concern that it’s hard to properly return errors if an invalid string is entered?

I’ll get started on coding up a patch, but am really interested in understanding the design decision.

thanks,
Ben
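The pipeline laid out in the message above (parser accepts only "ftp" and encodes port 21; put_connhelper() turns 21 back into the string "ftp" and errors on anything else; the kernel looks the helper up by name) and the alternative the message proposes (pass the string through with a length limit) can be put side by side in a small model. This is an added example, not OVS or kernel code; the function names, the registered-helper table and the stage numbering are constructed for illustration, and the 16-byte helper-name buffer (NF_CT_HELPER_NAME_LEN, NUL included) is an assumption about the kernel side.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the two ALG paths discussed above; not OVS or kernel code. */

/* Stage 1, as it is today: the action parser accepts only "ftp" and encodes
 * FTP's control port into the OpenFlow message. */
#define FTP_CONTROL_PORT 21

static int parse_alg_current(const char *alg_value, uint16_t *alg_port_out)
{
    if (strcmp(alg_value, "ftp") == 0) {
        *alg_port_out = FTP_CONTROL_PORT;
        return 0;
    }
    return -1;   /* any other name is rejected before it reaches the datapath */
}

/* Stage 2, as it is today: the numeric port is turned back into a helper name
 * for the netlink message; anything but 21 is an error. */
static const char *connhelper_name_current(uint16_t alg_port)
{
    return alg_port == FTP_CONTROL_PORT ? "ftp" : NULL;
}

/* Proposed path: carry the helper name as a string end to end. Because the
 * string is handed to the kernel, bound its length and character set in
 * userspace first. Assumption: the kernel helper-name buffer is 16 bytes
 * including the terminating NUL (Linux NF_CT_HELPER_NAME_LEN). */
#define HELPER_NAME_LEN 16

static bool helper_name_ok(const char *name, char out[HELPER_NAME_LEN])
{
    size_t n = 0;
    while (n < HELPER_NAME_LEN && name[n] != '\0') {
        unsigned char c = (unsigned char) name[n];
        bool ok = (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')
                  || c == '_' || c == '-';
        if (!ok) {
            return false;               /* no spaces, separators or metacharacters */
        }
        n++;
    }
    if (n == 0 || n >= HELPER_NAME_LEN) {
        return false;                   /* empty, or would not fit with its NUL */
    }
    memcpy(out, name, n + 1);
    return true;
}

/* Stand-in for the kernel's lookup of registered conntrack helpers by name.
 * Constructed table; the real kernel consults its helper registry. */
static const char *const registered_helpers[] = { "ftp", "tftp" };

static bool kernel_helper_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof registered_helpers / sizeof registered_helpers[0]; i++) {
        if (strcmp(registered_helpers[i], name) == 0) {
            return true;
        }
    }
    return false;
}

/* Each pipeline returns 0 on success or the number of the stage that rejected
 * the request: 1 = userspace parser, 2 = port-to-name translation, 3 = kernel lookup. */
static int pipeline_current(const char *alg_value, char helper_out[HELPER_NAME_LEN])
{
    uint16_t port;
    if (parse_alg_current(alg_value, &port) != 0) {
        return 1;
    }
    const char *name = connhelper_name_current(port);
    if (name == NULL) {
        return 2;
    }
    if (!kernel_helper_lookup(name)) {
        return 3;
    }
    snprintf(helper_out, HELPER_NAME_LEN, "%s", name);
    return 0;
}

static int pipeline_proposed(const char *alg_value, char helper_out[HELPER_NAME_LEN])
{
    if (!helper_name_ok(alg_value, helper_out)) {
        return 1;                       /* bad length or charset: fail early, before netlink */
    }
    if (!kernel_helper_lookup(helper_out)) {
        return 3;                       /* unknown helper: the kernel would report this via netlink */
    }
    return 0;
}

int main(void)
{
    const char *inputs[] = { "ftp", "tftp", "sip", "ftp;id", "this-name-is-far-too-long" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char cur[HELPER_NAME_LEN], prop[HELPER_NAME_LEN];
        printf("%-26s current: stage %d   proposed: stage %d\n", inputs[i],
               pipeline_current(inputs[i], cur), pipeline_proposed(inputs[i], prop));
    }
    return 0;
}
```

The contrast the model makes visible: today "tftp" dies at stage 1 even though the kernel would accept it, while a pass-through design moves the real decision to the kernel's registry lookup. What userspace still owes the kernel in that design is the bound on length and character set, so that an unregistered or malformed name produces a clean error at the point it is entered rather than an oversized or odd string in a netlink attribute.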

