libnetfilter_conntrack is a userspace library providing a programming interface (API) to the in-kernel connection tracking state table. The library libnetfilter_conntrack has been previously known as libnfnetlink_conntrack and libctnetlink. This library is currently used by conntrack-tools among many other applications.

libnetfilter_conntrack homepage is: http://netfilter.org/projects/libnetfilter_conntrack/

Dependencies

libnetfilter_conntrack requires libnfnetlink and a kernel that includes the nf_conntrack_netlink subsystem (i.e. 2.6.14 or later, >= 2.6.18 recommended).

Features

listing/retrieving entries from the kernel connection tracking table.
inserting/modifying/deleting entries from the kernel connection tracking table.
listing/retrieving entries from the kernel expect table.
inserting/modifying/deleting entries from the kernel expect table.

Tree

The current development version of libnetfilter_conntrack can be accessed at https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git

Privileges

You need the CAP_NET_ADMIN capability in order to allow your application to receive events from and to send commands to kernel-space, excepting the conntrack table dumping operation.

Using libnetfilter_conntrack

To write your own program using libnetfilter_conntrack, you should start by reading the doxygen documentation (start by LibrarySetup page) and check examples available under utils/ in the libnetfilter_conntrack source code tree. You can compile these examples by invoking `make check'.

Authors

libnetfilter_conntrack has been almost entirely written by Pablo Neira Ayuso.

Python Binding

pynetfilter_conntrack is a Python binding of libnetfilter_conntrack written by Victor Stinner. You can visit his official web site at http://software.inl.fr/trac/trac.cgi/wiki/pynetfilter_conntrack.