| author | Mart Frauenlob <firstname.lastname@example.org> | 2016-04-07 20:31:42 +0200 |
| committer | Pablo Neira Ayuso <email@example.com> | 2016-04-08 12:22:57 +0200 |
conntrack: man: Add description of tables dying and unconfirmed.
Signed-off-by: Mart Frauenlob <firstname.lastname@example.org>
Signed-off-by: Pablo Neira Ayuso <email@example.com>
Diffstat (limited to 'conntrack.8')
1 files changed, 16 insertions, 0 deletions
diff --git a/conntrack.8 b/conntrack.8
index a23189a..e8e4480 100644
@@ -48,6 +48,22 @@ mechanism used to "expect" RELATED connections to existing ones. Expectations
are generally used by "connection tracking helpers" (sometimes called
application level gateways [ALGs]) for more complex protocols such as FTP,
+.BR "dying" :
+This table shows the conntrack entries, that have expired and that have been
+destroyed by the connection tracking system itself, or via the conntrack utility.
+.BR "unconfirmed" :
+This table shows new entries, that are not yet inserted into the conntrack table.
+These entries are attached to packets that are traversing the stack,
+but did not reach the confirmation point at the postrouting hook.
+The tables "dying" and "unconfirmed" are basically only useful for debugging purposes.
+Under normal operation, it is hard to see entries in any of them.
+There are corner cases, where it is valid to see entries in the
+unconfirmed table, eg. when packets that are enqueued via nfqueue, and
+the dying table, eg. when conntrackd runs in event reliable mode.
The options recognized by
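Review bot: the final added sentence has a clause with no verb: "when packets that are enqueued via nfqueue, and" reads as a fragment, so drop "that" to get "when packets are enqueued via nfqueue". In the same sentence "eg." should be "e.g." in both places. The commas before restrictive "that" in "entries, that have expired" and "new entries, that are not yet inserted", and before "where" in "corner cases, where", should be removed. "Under normal operation, it is hard to see entries in any of them" would be clearer for a man page reader as a statement that both tables are usually empty during normal operation.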