Signed-off-by: Mart Frauenlob <mart.frauenlob@xxxxxxxxx> --- conntrack.8 | 17 +++++++++++++++++ 1 files changed, 17 insertions(+), 0 deletions(-) diff --git a/conntrack.8 b/conntrack.8 index e54951a..dfde9f0 100644 --- a/conntrack.8 +++ b/conntrack.8 @@ -48,6 +48,23 @@ mechanism used to "expect" RELATED connections to existing ones. Expectations are generally used by "connection tracking helpers" (sometimes called application level gateways [ALGs]) for more complex protocols such as FTP, SIP, H.323. +.TP +.BR "dying" : +This table shows the conntrack entries, that have expired and that have been +destroyed by the connection tracking system itself, or via the conntrack utility. +.TP +.BR "unconfirmed" : +This table shows new entries, that are not yet inserted into the conntrack table. +These entries are attached to packets that are traversing the stack, +but did not reach the confirmation point at the postrouting hook. +.PP +The tables "dying" and "unconfirmed" are basically only useful for debugging purposes. +Under normal operation, it is hard to see entries in any of them. +There are corner cases, where it is valid to see entries in the +unconfirmed table: +1) when packets that are enqueued via nfqueue, or +2) when conntrackd runs in event reliable mode. +.PP .SH OPTIONS The options recognized by .B conntrack -- 1.7.2.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
