libnetfilter_cttimeout is the userspace library that provides a programming interface (API) to the in-kernel cttimeout infrastructure. This infrastructure allows you to define fine-grained connection tracking timeout policies that can be attached to traffic flows via the iptables CT target. Before this infrastructure existed, you could only set global timeout policies per protocol. This library is currently used by the nfct utility that is part of the conntrack-tools.
The libnetfilter_cttimeout homepage is: http://netfilter.org/projects/libnetfilter_cttimeout/
libnetfilter_cttimeout requires libmnl and a kernel that includes the nfnetlink_cttimeout subsystem (i.e. 3.4.0 or later).
The current development version of libnetfilter_cttimeout can be accessed at https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git
You need the CAP_NET_ADMIN capability for your application to receive events from and send commands to kernel-space. The one exception is the timeout policy table dumping operation.
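As an added example (not part of libnetfilter_cttimeout or conntrack-tools), here is a preflight check an application could run before opening its netlink socket. It reads the effective capability set from /proc/self/status and reports which cttimeout operations the paragraph above says will be permitted, so a service can run with CAP_NET_ADMIN alone instead of full root. The `ctt_op` enum and the function names are hypothetical; bit 12 is CAP_NET_ADMIN in `<linux/capability.h>`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_ADMIN_BIT 12 /* CAP_NET_ADMIN, from <linux/capability.h> */

/* Hypothetical operation classes, following the paragraph above. */
enum ctt_op { CTT_OP_DUMP, CTT_OP_MODIFY, CTT_OP_EVENTS };

/* Parse one "CapEff:\t<hex>" line of /proc/<pid>/status.
 * Returns 1 and stores the mask on success, 0 for other or malformed lines. */
static int parse_capeff(const char *line, unsigned long long *mask)
{
    char *end;

    if (strncmp(line, "CapEff:", 7) != 0)
        return 0;
    *mask = strtoull(line + 7, &end, 16);
    return end != line + 7 && (*end == '\n' || *end == '\0');
}

/* Dumping the policy table needs no capability; everything else
 * (sending commands, receiving events) needs CAP_NET_ADMIN. */
static int op_allowed(unsigned long long capeff, enum ctt_op op)
{
    if (op == CTT_OP_DUMP)
        return 1;
    return (int)((capeff >> CAP_NET_ADMIN_BIT) & 1ULL);
}

/* Read the calling process's effective capability mask. */
static int read_self_capeff(unsigned long long *mask)
{
    char line[256];
    int found = 0;
    FILE *f = fopen("/proc/self/status", "r");

    if (!f)
        return 0;
    while (!found && fgets(line, sizeof(line), f))
        found = parse_capeff(line, mask);
    fclose(f);
    return found;
}

int main(void)
{
    unsigned long long eff;

    if (!read_self_capeff(&eff)) {
        fprintf(stderr, "cannot read CapEff from /proc/self/status\n");
        return 2;
    }
    printf("dump: %s, modify/events: %s\n", "allowed",
           op_allowed(eff, CTT_OP_MODIFY) ? "allowed" : "needs CAP_NET_ADMIN");
    return op_allowed(eff, CTT_OP_MODIFY) ? 0 : 1;
}
```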
libnetfilter_conntrack has been written by Pablo Neira Ayuso.