Adding missing features to libctnetlink and "conntrack" program
I'm back to netfilter hacking, and it's more fun than ever :)
libctnetlink was extended to provide an API function to add an expectation. Also, the cool new conntrack control program now has preliminary support to add expectations from the command line.
This means there is now the full chain in place (from kernel to userspace library to command line tool) to allow expectations to be created from userspace. I wonder how long it will take to see the first userspace ALG's to show up. It would be a pleasure to finally see complex protocol handling done in userspace rather than the kernel side.
While hacking at conntrack, I also added a man page and fixed some other bits and pieces. Once the "do we want an ID, and if yes which kind of ID" discussion has concluded on netfilter-devel, we can submit nfnetlink and ctnetlink to the mainline kernel and make a first libnfnetlink, libctnetlink and conntrack release.