On Monday 01 July 2002 19.49, Don Cohen wrote: > > The ESTABLISHED indicates the TCP state, UNREPLIED indicates the > > conntrack state. This is a TCP session that has only seen ACK in > > one direction, no packets in the other. > > > > Almost related note: The connection is not ASSURED. > > I'm having trouble making sense of your explanation above. > This line is supposed to describe a single connection, right? > Established as a tcp state means the three packet handshake is > complete? But that seems to contradict the unreplied.
See the archives. This was discussed to death some days ago. Summary in short: TCP state only indicates what kind of packets are currently seen on the connection. This can be derived from a single packet due to "connection pickup". > Is there any doc for stuff like this? > - how to read the lines above > - what exactly these things (unreplied, assured, established ...) > mean - can I match on ASSURED ? ASSURED can be matched using the new conntrack match found in patch-o-matic. Normally this flag is only used by conntrack to garbagecollect invalid entries in case of a DoS attempt. There isn't really much use of matching it in rulesets. Regards Henrik
