From 7688fdadbf805d731cde876346563ef2c5e86e63 Mon Sep 17 00:00:00 2001 From: Mart Frauenlob Date: Thu, 7 Apr 2016 20:31:42 +0200 Subject: conntrack: man: Add description of tables dying and unconfirmed. Signed-off-by: Mart Frauenlob Signed-off-by: Pablo Neira Ayuso --- conntrack.8 | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/conntrack.8 b/conntrack.8 index a23189a..e8e4480 100644 --- a/conntrack.8 +++ b/conntrack.8 @@ -48,6 +48,22 @@ mechanism used to "expect" RELATED connections to existing ones. Expectations are generally used by "connection tracking helpers" (sometimes called application level gateways [ALGs]) for more complex protocols such as FTP, SIP, H.323. +.TP +.BR "dying" : +This table shows the conntrack entries, that have expired and that have been +destroyed by the connection tracking system itself, or via the conntrack utility. +.TP +.BR "unconfirmed" : +This table shows new entries, that are not yet inserted into the conntrack table. +These entries are attached to packets that are traversing the stack, +but did not reach the confirmation point at the postrouting hook. +.PP +The tables "dying" and "unconfirmed" are basically only useful for debugging purposes. +Under normal operation, it is hard to see entries in any of them. +There are corner cases, where it is valid to see entries in the +unconfirmed table, eg. when packets that are enqueued via nfqueue, and +the dying table, eg. when conntrackd runs in event reliable mode. +.PP .SH OPTIONS The options recognized by .B conntrack -- cgit v1.2.3
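Review bot: In the last added paragraph, the sentence listing the corner cases does not parse: "eg. when packets that are enqueued via nfqueue" has a stray "that", which leaves the clause without a main verb, and the "dying" case is only attached to the sentence after a long interruption. Suggested wording: "It is valid to see entries in the unconfirmed table, e.g. when packets are enqueued via nfqueue, and in the dying table, e.g. when conntrackd runs in event reliable mode." The commas before "that" in "entries, that have expired" and "new entries, that are not yet inserted" should be dropped, since both clauses are restrictive. In the "dying" entry, "have expired and that have been destroyed" reads as if both conditions must hold, while the rest of the sentence (destroyed "via the conntrack utility") suggests either one is enough; if so, "or" is the word wanted. The trailing .PP directly before .SH OPTIONS is redundant, because .SH already breaks the paragraph and adds the vertical space.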