libnetfilter_conntrack Documentation


libnetfilter_conntrack is a userspace library providing a programming interface (API) to the in-kernel connection tracking state table. It was previously known as libnfnetlink_conntrack and libctnetlink. This library is currently used by conntrack-tools, among many other applications.

libnetfilter_conntrack homepage is:


libnetfilter_conntrack requires libnfnetlink and a kernel that includes the nf_conntrack_netlink subsystem (i.e. 2.6.14 or later, >= 2.6.18 recommended).



The current development version of libnetfilter_conntrack can be accessed at


Your application needs the CAP_NET_ADMIN capability to receive events from kernel-space and to send commands to it. The one exception is the conntrack table dumping operation.

Using libnetfilter_conntrack

To write your own program using libnetfilter_conntrack, you should start by reading the doxygen documentation (begin with the LibrarySetup page) and check the examples available under utils/ in the libnetfilter_conntrack source code tree. You can compile these examples by invoking `make check'.


libnetfilter_conntrack has been almost entirely written by Pablo Neira Ayuso.

Python Binding

pynetfilter_conntrack is a Python binding of libnetfilter_conntrack written by Victor Stinner. You can visit his official web site at