# libnetfilter-conntrack

> library for kernel connection tracking state table

**Wikidata**: [Q130443029](https://www.wikidata.org/wiki/Q130443029)  
**Source**: https://4ort.xyz/entity/libnetfilter-conntrack

## Summary
**libnetfilter-conntrack** is a userspace library that interfaces with the Linux kernel's connection tracking state table. It is a component of the Netfilter project, maintained by Pablo Neira Ayuso, and gives programs a way to interact with the kernel's connection tracking system. The library is free software released under the GNU General Public License.

## Key Facts
- **Definition:** A software library providing an interface to the kernel connection tracking state table.
- **Latest Version:** Version 1.1.0 (stable), released on September 25, 2024.
- **License:** GNU General Public License, version 2.0 or later (GPLv2+) since version 0.9.1; previous versions were GPLv2 only.
- **Part Of:** The Netfilter project.
- **Maintainer:** Pablo Neira Ayuso.
- **Copyright Holders:** Pablo Neira Ayuso and Harald Welte.
- **Platform:** Linux kernel and Linux-libre.
- **Source Code Repository:** [https://git.netfilter.org/libnetfilter_conntrack/](https://git.netfilter.org/libnetfilter_conntrack/)
- **Debian Packages:** `libnetfilter-conntrack-dev`, `libnetfilter-conntrack-doc`, `libnetfilter-conntrack3`.

## FAQs
### Q: What is the primary function of libnetfilter-conntrack?
A: It is a library that allows userspace applications to interact with the Linux kernel's connection tracking state table, which is essential for stateful packet inspection and network address translation (NAT).

### Q: Under what license is libnetfilter-conntrack distributed?
A: The library is distributed under the GNU General Public License. Since version 0.9.1 (released around February 2011), it has been licensed under GPLv2.0 or later; earlier versions were strictly GPLv2.0.

### Q: Who are the key figures behind libnetfilter-conntrack?
A: The library is maintained by Spanish computer scientist Pablo Neira Ayuso. Co-copyright holders include Pablo Neira Ayuso and German Linux kernel hacker Harald Welte.

### Q: Where can the source code or documentation be found?
A: The source code is hosted in a git repository at git.netfilter.org, and the user manual is available in English on the Netfilter project website.

## Why It Matters
libnetfilter-conntrack is a critical piece of infrastructure in the Linux networking ecosystem. As part of the Netfilter project, it serves as the interface between the kernel's complex connection tracking system (conntrack) and the userspace utilities that administrators use to manage network security. Without this library, developers would lack a standardized, programmatic way to query, modify, or monitor the state of network connections passing through the Linux kernel.

This library enables the functionality of higher-level tools and security applications, such as firewalls and connection tracking utilities (`conntrack-tools`), allowing them to enforce stateful policies. Its continued maintenance and recent updates (such as the September 2024 release) highlight its ongoing relevance in modern Linux distributions. By providing a stable API, it insulates applications from internal kernel changes, ensuring that networking software remains functional across different kernel versions.

## Notable For
- **Kernel Interaction:** Providing the specific userspace interface to the Linux kernel's connection tracking state table.
- **Netfilter Integration:** Being an official, integral part of the Netfilter project, the core packet filtering framework for Linux.
- **Expert Maintenance:** Being maintained by Pablo Neira Ayuso, a prominent figure in Linux networking and the Netfilter core team.
- **Licensing Shift:** Transitioning from a strict GPLv2 license to a more flexible "GPLv2 or later" license in 2011.
- **Broad Adoption:** Availability in major Linux distribution repositories, including Debian, Ubuntu, and Gentoo.

## Body

### Functionality and Purpose
libnetfilter-conntrack is a software library that provides a userspace interface to the Linux kernel's connection tracking state table. It allows userspace programs to access the "conntrack" subsystem, which tracks the state of logical connections or sessions passing through the kernel. This interaction is essential for implementing stateful firewalls and network utilities that need to know whether a packet is part of an established connection (like a TCP stream or a UDP association) or a new one.

### Development and Licensing
The library operates primarily on the Linux kernel and Linux-libre platforms. It is categorized as free software.

**Licensing History:**
- **Initial Phase:** Versions prior to 0.9.1 were released strictly under the **GNU General Public License, version 2.0**.
- **Current Phase:** Starting with version 0.9.1 (timestamped around February 24, 2011), the license was updated to **GNU General Public License, version 2.0 or later (GPLv2+)**.

### Key Personnel
The project has been heavily influenced by two notable figures in the open-source community:
- **Pablo Neira Ayuso:** A Spanish computer scientist and researcher who serves as the current maintainer of the library.
- **Harald Welte:** A German programmer and Linux kernel hacker who shares copyright attribution for the software.

### Release History
The project is actively maintained.
- **Stable Release:** The most recent stable version is **1.1.0**, which was announced by Pablo Neira Ayuso on **September 25, 2024**.
- **Debian History:** The library has been present in the Debian stable repository since October 1, 2006.

### Distribution and Availability
libnetfilter-conntrack is widely available across various Linux distributions, often serving as a dependency for higher-level networking tools.
- **Debian/Ubuntu:** It is distributed via packages such as `libnetfilter-conntrack-dev` (development files), `libnetfilter-conntrack-doc` (documentation), and `libnetfilter-conntrack3` (shared libraries).
- **Gentoo:** Available as `net-libs/libnetfilter_conntrack`.
- **Guix:** Available under the variable name `libnetfilter-conntrack`.

### Resources
- **Website:** The official project page is hosted at [netfilter.org](https://www.netfilter.org/projects/libnetfilter_conntrack/).
- **Repository:** The source code is managed via a git repository available at `git.netfilter.org`.
- **Documentation:** A user manual is available in English, providing API details for developers.
