author: Mart Frauenlob <> 2016-04-07 20:31:42 +0200
committer: Pablo Neira Ayuso <> 2016-04-08 12:22:57 +0200
commit: 7688fdadbf805d731cde876346563ef2c5e86e63
tree: d212ccffc8a26597e2749036db46cbeaa99b8371 /conntrack.8
parent: 39c6c365659ae5ec042e7c33701a4fe74756d694
conntrack: man: Add description of tables dying and unconfirmed.
Signed-off-by: Mart Frauenlob <>
Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'conntrack.8')
1 files changed, 16 insertions, 0 deletions
diff --git a/conntrack.8 b/conntrack.8
index a23189a..e8e4480 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -48,6 +48,22 @@ mechanism used to "expect" RELATED connections to existing ones. Expectations
are generally used by "connection tracking helpers" (sometimes called
application level gateways [ALGs]) for more complex protocols such as FTP,
SIP, H.323.
+.BR "dying" :
+This table shows the conntrack entries, that have expired and that have been
+destroyed by the connection tracking system itself, or via the conntrack utility.
+.BR "unconfirmed" :
+This table shows new entries, that are not yet inserted into the conntrack table.
+These entries are attached to packets that are traversing the stack,
+but did not reach the confirmation point at the postrouting hook.
+The tables "dying" and "unconfirmed" are basically only useful for debugging purposes.
+Under normal operation, it is hard to see entries in any of them.
+There are corner cases, where it is valid to see entries in the
+unconfirmed table, eg. when packets that are enqueued via nfqueue, and
+the dying table, eg. when conntrackd runs in event reliable mode.
The options recognized by
.B conntrack
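Review bot: The last added sentence ("eg. when packets that are enqueued via nfqueue, and the dying table, eg. when conntrackd runs in event reliable mode") does not parse: the "that" leaves the clause without a main verb, and "the dying table" has no preposition tying it back to "see entries in". Suggest "e.g. when packets are enqueued via nfqueue, and in the dying table, e.g. when conntrackd runs in event reliable mode", with "e.g." punctuated consistently. In the "dying" and "unconfirmed" descriptions the commas before "that" ("entries, that have expired", "new entries, that are not yet inserted") should go, and "have expired and that have been destroyed" reads as if both conditions must hold; if either one is enough to put an entry in the table, say "or". "Did not reach the confirmation point" would also read better as "have not yet reached", since the packets are described as still traversing the stack. Finally, because the text presents both tables as debugging aids, it would help to state how they are listed with the utility, which these lines never say.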