when I read the osquery

sokcet_events.cpp

source code, I found that

// skip operations on NETLINK_ROUTE sockets
if (saddr[0] == '1' && saddr[1] == '0') {
    continue;
}

why is the saddr with 10 the NETLINK_ROUTE sockets?I can not find some info about it,does anybody knows it?

yeah,I also see that,but those answers doesn't tell what is the meanging of the saddr with 10

0x10 == 16 #define PF_NETLINK 16 is in /usr/include/x86_64-linux-gnu/bits/socket.h (on Ubuntu 18)

thanks.got it