0

I have a Netlink socket, subscribed to destroy events, by using bind with NF_NETLINK_CONNTRACK_DESTROY OR'd into the groups parameter.

When looking through the nfnetlink_compat.h, though, I see that there're more flags than just NEW, UPDATE, and DESTROY - there's an EXP_XYZ variant for each flag as well:

#define NF_NETLINK_CONNTRACK_NEW         0x00000001
#define NF_NETLINK_CONNTRACK_UPDATE      0x00000002
#define NF_NETLINK_CONNTRACK_DESTROY     0x00000004
#define NF_NETLINK_CONNTRACK_EXP_NEW     0x00000008
#define NF_NETLINK_CONNTRACK_EXP_UPDATE  0x00000010
#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020

I can't find the EXP_XYZ flags documented anywhere I've looked. Where can I find more information on these flags?

1 Answer

1

These flags exist to handle notifications about conntrack expectations, which are conntrack RELATED states that are stored in a table and handled by the kernel; you can be notified if an expectation is being added, deleted or modified. This table can be manipulated by user programs like the conntrack-tools toolset, but it is used by kernel modules like the FTP and SIP helpers.

That said, I've never had to use this feature directly: it's usually handled automatically.
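To make the split between connection events and expectation events concrete, here is an added example (not code from the question or the answer) that subscribes to the three EXP groups and maps a received nfnetlink header back to the group bit it belongs to. The helper names `event_group`, `sample_group` and `open_expect_listener` are hypothetical, the headers fed to it are constructed, and mapping an expectation message without `NLM_F_CREATE` to EXP_UPDATE is an assumption that mirrors the conntrack side.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink.h>           /* NFNL_SUBSYS_*, NFNL_MSG_TYPE */
#include <linux/netfilter/nfnetlink_compat.h>    /* NF_NETLINK_CONNTRACK_* */
#include <linux/netfilter/nfnetlink_conntrack.h> /* IPCTNL_MSG_* */

/* Group bit a received message belongs to, or 0 if it is not an event. */
unsigned int event_group(const struct nlmsghdr *nlh)
{
    int subsys = NFNL_SUBSYS_ID(nlh->nlmsg_type), msg = NFNL_MSG_TYPE(nlh->nlmsg_type);
    /* ctnetlink sets NLM_F_CREATE on "new" events; absence is read as "update". */
    int created = (nlh->nlmsg_flags & NLM_F_CREATE) != 0;

    if (subsys == NFNL_SUBSYS_CTNETLINK && msg == IPCTNL_MSG_CT_DELETE)
        return NF_NETLINK_CONNTRACK_DESTROY;
    if (subsys == NFNL_SUBSYS_CTNETLINK && msg == IPCTNL_MSG_CT_NEW)
        return created ? NF_NETLINK_CONNTRACK_NEW : NF_NETLINK_CONNTRACK_UPDATE;
    if (subsys == NFNL_SUBSYS_CTNETLINK_EXP && msg == IPCTNL_MSG_EXP_DELETE)
        return NF_NETLINK_CONNTRACK_EXP_DESTROY;
    if (subsys == NFNL_SUBSYS_CTNETLINK_EXP && msg == IPCTNL_MSG_EXP_NEW)
        return created ? NF_NETLINK_CONNTRACK_EXP_NEW : NF_NETLINK_CONNTRACK_EXP_UPDATE;
    return 0;
}

/* Classify a constructed header (no socket or privileges needed). */
unsigned int sample_group(unsigned subsys, unsigned msg, unsigned flags)
{
    struct nlmsghdr h = { .nlmsg_len = NLMSG_HDRLEN, .nlmsg_flags = (__u16)flags,
                          .nlmsg_type = (__u16)((subsys << 8) | msg) };
    return event_group(&h);
}

/* Subscribe to the three expectation groups; returns the fd, or -1 on failure. */
int open_expect_listener(void)
{
    struct sockaddr_nl sa = { .nl_family = AF_NETLINK,
        .nl_groups = NF_NETLINK_CONNTRACK_EXP_NEW | NF_NETLINK_CONNTRACK_EXP_UPDATE |
                     NF_NETLINK_CONNTRACK_EXP_DESTROY };
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); fd = -1; }
    return fd;
}

int main(void)
{
    int fd = open_expect_listener(); /* may fail without sufficient privileges */
    printf("listener fd=%d, constructed EXP delete -> group 0x%x\n", fd,
           sample_group(NFNL_SUBSYS_CTNETLINK_EXP, IPCTNL_MSG_EXP_DELETE, 0));
    if (fd >= 0) close(fd);
    return 0;
}
```

On a live socket, `event_group` would be called on each header walked out of the `recv` buffer with `NLMSG_OK` and `NLMSG_NEXT`.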
