[ovs-discuss] What's the purpose of alg=ftp in the ct action?

Samuel Jean sjean at digitalocean.com
Tue Dec 6 16:03:19 UTC 2016


Howdy folks,

Yesterday, I was playing with the conntrack stuff available since 2.5 and I
my assumption was that OVS relies on nf_conntrack for tracking tuples and
states.  So for FTP to work, I assumed all I need is to make sure the
nf_conntrack_ftp module is loaded to perform its duty.  It proved to work
just fine.  However, the ovs-ofctl man page suggests to use the alg=ftp
argument to the ct() action.  That puzzles me a bit since it seems all it
does is to load the nf_conntrack_ftp module on my behalf.

One of the few thoughts I had to justify that sugar syntax is to allow FTP
session tracking regardless of the port on which the server is listening.

Can anyone clarify the purpose of this argument and wether it is reliable
to not use alg= at all but rather load the conntrack helpers and allow the
ports on which the services are listening to?

Best regards,

Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20161206/c137f826/attachment.html>


More information about the discuss mailing list