As for now, the creation and update of conntracks via ctnetlink do not
propagate an event to userspace. This can result in inconsistent
situations if several userspace processes modify the connection tracking
table by means of ctnetlink at the same time. Specifically, using the
conntrack-cli while running an instance of conntrackde unsynchronizes
the cache of conntrackd with the kernel conntrack table. Note that
deletions do not suffer from this problem.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers