Content Deep Dive
Conntrack turns a blind eye to dropped SYNs
Blog post from Cloudflare
Post Details
Company
Date Published
Author
Jakub Sitnicki
Word Count
2,920
Language
English
Hacker News Points
15
Summary
The text discusses the connection tracking layer in the Linux kernel, called conntrack, and how it interacts with the network stack. It explains that conntrack relies on the Netfilter framework to be notified about network packets passing through the stack, using Netfilter's set of hooks baked into the stack. The author also explores how to observe a TCP SYN packet dropped by the firewall using conntrack. They cover several ways to discover the inner workings of the Linux network stack, such as using tools like drgn, bpftrace, or Ftrace, and cross-referencing the kernel source code.