diff --git a/chain.go b/chain.go
index 9928d63..e1bda29 100644
--- a/chain.go
+++ b/chain.go
@@ -223,9 +223,10 @@ func (cc *Conn) ListChainsOfTableFamily(family TableFamily) ([]*Chain, error) {
 }
 
 func chainFromMsg(msg netlink.Message) (*Chain, error) {
-	chainHeaderType := netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWCHAIN)
-	if got, want := msg.Header.Type, chainHeaderType; got != want {
-		return nil, fmt.Errorf("unexpected header type: got %v, want %v", got, want)
+	newChainHeaderType := netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWCHAIN)
+	delChainHeaderType := netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELCHAIN)
+	if got, want1, want2 := msg.Header.Type, newChainHeaderType, delChainHeaderType; got != want1 && got != want2 {
+		return nil, fmt.Errorf("unexpected header type: got %v, want %v or %v", got, want1, want2)
 	}
 
 	var c Chain
diff --git a/go.mod b/go.mod
index 34c332a..a247513 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/google/nftables
 
-go 1.17
+go 1.18
 
 require (
 	github.com/mdlayher/netlink v1.7.1
diff --git a/monitor.go b/monitor.go
new file mode 100644
index 0000000..cb3ac1c
--- /dev/null
+++ b/monitor.go
@@ -0,0 +1,309 @@
+// Copyright 2018 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package nftables
+
+import (
+	"math"
+	"strings"
+	"sync"
+
+	"github.com/mdlayher/netlink"
+	"golang.org/x/sys/unix"
+)
+
+type MonitorAction uint8
+
+// Possible MonitorAction values.
+const (
+	MonitorActionNew MonitorAction = 1 << iota
+	MonitorActionDel
+	MonitorActionMask MonitorAction = (1 << iota) - 1
+	MonitorActionAny  MonitorAction = MonitorActionMask
+)
+
+type MonitorObject uint32
+
+// Possible MonitorObject values.
+const (
+	MonitorObjectTables MonitorObject = 1 << iota
+	MonitorObjectChains
+	MonitorObjectSets
+	MonitorObjectRules
+	MonitorObjectElements
+	MonitorObjectRuleset
+	MonitorObjectMask MonitorObject = (1 << iota) - 1
+	MonitorObjectAny  MonitorObject = MonitorObjectMask
+)
+
+var (
+	monitorFlags = map[MonitorAction]map[MonitorObject]uint32{
+		MonitorActionAny: {
+			MonitorObjectAny:      0xffffffff,
+			MonitorObjectTables:   1<<unix.NFT_MSG_NEWTABLE | 1<<unix.NFT_MSG_DELTABLE,
+			MonitorObjectChains:   1<<unix.NFT_MSG_NEWCHAIN | 1<<unix.NFT_MSG_DELCHAIN,
+			MonitorObjectRules:    1<<unix.NFT_MSG_NEWRULE | 1<<unix.NFT_MSG_DELRULE,
+			MonitorObjectSets:     1<<unix.NFT_MSG_NEWSET | 1<<unix.NFT_MSG_DELSET,
+			MonitorObjectElements: 1<<unix.NFT_MSG_NEWSETELEM | 1<<unix.NFT_MSG_DELSETELEM,
+			MonitorObjectRuleset: 1<<unix.NFT_MSG_NEWTABLE | 1<<unix.NFT_MSG_DELTABLE |
+				1<<unix.NFT_MSG_NEWCHAIN | 1<<unix.NFT_MSG_DELCHAIN |
+				1<<unix.NFT_MSG_NEWRULE | 1<<unix.NFT_MSG_DELRULE |
+				1<<unix.NFT_MSG_NEWSET | 1<<unix.NFT_MSG_DELSET |
+				1<<unix.NFT_MSG_NEWSETELEM | 1<<unix.NFT_MSG_DELSETELEM |
+				1<<unix.NFT_MSG_NEWOBJ | 1<<unix.NFT_MSG_DELOBJ,
+		},
+		MonitorActionNew: {
+			MonitorObjectAny: 1<<unix.NFT_MSG_NEWTABLE |
+				1<<unix.NFT_MSG_NEWCHAIN |
+				1<<unix.NFT_MSG_NEWRULE |
+				1<<unix.NFT_MSG_NEWSET |
+				1<<unix.NFT_MSG_NEWSETELEM,
+			MonitorObjectTables: 1 << unix.NFT_MSG_NEWTABLE,
+			MonitorObjectChains: 1 << unix.NFT_MSG_NEWCHAIN,
+			MonitorObjectRules:  1 << unix.NFT_MSG_NEWRULE,
+			MonitorObjectSets:   1 << unix.NFT_MSG_NEWSET,
+			MonitorObjectRuleset: 1<<unix.NFT_MSG_NEWTABLE |
+				1<<unix.NFT_MSG_NEWCHAIN |
+				1<<unix.NFT_MSG_NEWRULE |
+				1<<unix.NFT_MSG_NEWSET |
+				1<<unix.NFT_MSG_NEWSETELEM |
+				1<<unix.NFT_MSG_NEWOBJ,
+		},
+		MonitorActionDel: {
+			MonitorObjectAny: 1<<unix.NFT_MSG_DELTABLE |
+				1<<unix.NFT_MSG_DELCHAIN |
+				1<<unix.NFT_MSG_DELRULE |
+				1<<unix.NFT_MSG_DELSET |
+				1<<unix.NFT_MSG_DELSETELEM |
+				1<<unix.NFT_MSG_DELOBJ,
+		},
+	}
+	monitorFlagsInitOnce sync.Once
+)
+
+type MonitorEventType int
+
+const (
+	MonitorEventTypeNewTable   MonitorEventType = unix.NFT_MSG_NEWTABLE
+	MonitorEventTypeDelTable   MonitorEventType = unix.NFT_MSG_DELTABLE
+	MonitorEventTypeNewChain   MonitorEventType = unix.NFT_MSG_NEWCHAIN
+	MonitorEventTypeDelChain   MonitorEventType = unix.NFT_MSG_DELCHAIN
+	MonitorEventTypeNewRule    MonitorEventType = unix.NFT_MSG_NEWRULE
+	MonitorEventTypeDelRule    MonitorEventType = unix.NFT_MSG_DELRULE
+	MonitorEventTypeNewSet     MonitorEventType = unix.NFT_MSG_NEWSET
+	MonitorEventTypeDelSet     MonitorEventType = unix.NFT_MSG_DELSET
+	MonitorEventTypeNewSetElem MonitorEventType = unix.NFT_MSG_NEWSETELEM
+	MonitorEventTypeDelSetElem MonitorEventType = unix.NFT_MSG_DELSETELEM
+	MonitorEventTypeNewObj     MonitorEventType = unix.NFT_MSG_NEWOBJ
+	MonitorEventTypeDelObj     MonitorEventType = unix.NFT_MSG_DELOBJ
+	MonitorEventTypeOOB        MonitorEventType = math.MaxInt // out of band event
+)
+
+type MonitorEvent struct {
+	Type  MonitorEventType
+	Data  any
+	Error error
+}
+
+const (
+	monitorOK = iota
+	monitorClosed
+)
+
+// A Monitor to track actions on objects.
+type Monitor struct {
+	action       MonitorAction
+	object       MonitorObject
+	monitorFlags uint32
+
+	conn   *netlink.Conn
+	closer netlinkCloser
+
+	// mu covers eventCh and status
+	mu      sync.Mutex
+	eventCh chan *MonitorEvent
+	status  int
+}
+
+type MonitorOption func(*Monitor)
+
+func WithMonitorEventBuffer(size int) MonitorOption {
+	return func(monitor *Monitor) {
+		monitor.eventCh = make(chan *MonitorEvent, size)
+	}
+}
+
+// WithMonitorAction to set monitor actions like new, del or any.
+func WithMonitorAction(action MonitorAction) MonitorOption {
+	return func(monitor *Monitor) {
+		monitor.action = action
+	}
+}
+
+// WithMonitorObject to set monitor objects.
+func WithMonitorObject(object MonitorObject) MonitorOption {
+	return func(monitor *Monitor) {
+		monitor.object = object
+	}
+}
+
+// NewMonitor returns a Monitor with options to be started.
+func NewMonitor(opts ...MonitorOption) *Monitor {
+	monitor := &Monitor{
+		status: monitorOK,
+	}
+	for _, opt := range opts {
+		opt(monitor)
+	}
+	if monitor.eventCh == nil {
+		monitor.eventCh = make(chan *MonitorEvent)
+	}
+	objects, ok := monitorFlags[monitor.action]
+	if !ok {
+		objects = monitorFlags[MonitorActionAny]
+	}
+	flags, ok := objects[monitor.object]
+	if !ok {
+		flags = objects[MonitorObjectAny]
+	}
+	monitor.monitorFlags = flags
+	return monitor
+}
+
+func (monitor *Monitor) monitor() {
+	for {
+		msgs, err := monitor.conn.Receive()
+		if err != nil {
+			if strings.Contains(err.Error(), "use of closed file") {
+				// ignore the error that be closed
+				break
+			} else {
+				// any other errors will be send to user, and then to close eventCh
+				event := &MonitorEvent{
+					Type:  MonitorEventTypeOOB,
+					Data:  nil,
+					Error: err,
+				}
+				monitor.eventCh <- event
+				break
+			}
+		}
+		for _, msg := range msgs {
+			if msg.Header.Type&0xff00>>8 != netlink.HeaderType(unix.NFNL_SUBSYS_NFTABLES) {
+				continue
+			}
+			msgType := msg.Header.Type & 0x00ff
+			if monitor.monitorFlags&1<<msgType == 0 {
+				continue
+			}
+			switch msgType {
+			case unix.NFT_MSG_NEWTABLE, unix.NFT_MSG_DELTABLE:
+				table, err := tableFromMsg(msg)
+				event := &MonitorEvent{
+					Type:  MonitorEventType(msgType),
+					Data:  table,
+					Error: err,
+				}
+				monitor.eventCh <- event
+			case unix.NFT_MSG_NEWCHAIN, unix.NFT_MSG_DELCHAIN:
+				chain, err := chainFromMsg(msg)
+				event := &MonitorEvent{
+					Type:  MonitorEventType(msgType),
+					Data:  chain,
+					Error: err,
+				}
+				monitor.eventCh <- event
+			case unix.NFT_MSG_NEWRULE, unix.NFT_MSG_DELRULE:
+				rule, err := parseRuleFromMsg(msg)
+				event := &MonitorEvent{
+					Type:  MonitorEventType(msgType),
+					Data:  rule,
+					Error: err,
+				}
+				monitor.eventCh <- event
+			case unix.NFT_MSG_NEWSET, unix.NFT_MSG_DELSET:
+				set, err := setsFromMsg(msg)
+				event := &MonitorEvent{
+					Type:  MonitorEventType(msgType),
+					Data:  set,
+					Error: err,
+				}
+				monitor.eventCh <- event
+			case unix.NFT_MSG_NEWSETELEM, unix.NFT_MSG_DELSETELEM:
+				elems, err := elementsFromMsg(uint8(TableFamilyUnspecified), msg)
+				event := &MonitorEvent{
+					Type:  MonitorEventType(msgType),
+					Data:  elems,
+					Error: err,
+				}
+				monitor.eventCh <- event
+			case unix.NFT_MSG_NEWOBJ, unix.NFT_MSG_DELOBJ:
+				obj, err := objFromMsg(msg)
+				event := &MonitorEvent{
+					Type:  MonitorEventType(msgType),
+					Data:  obj,
+					Error: err,
+				}
+				monitor.eventCh <- event
+			}
+		}
+	}
+	monitor.mu.Lock()
+	defer monitor.mu.Unlock()
+
+	if monitor.status != monitorClosed {
+		monitor.status = monitorClosed
+	}
+	close(monitor.eventCh)
+}
+
+func (monitor *Monitor) Close() error {
+	monitor.mu.Lock()
+	defer monitor.mu.Unlock()
+
+	if monitor.status != monitorClosed {
+		monitor.status = monitorClosed
+		return monitor.closer()
+	}
+	return nil
+}
+
+// AddMonitor to perform the monitor immediately. The channel will be closed after
+// calling Close on Monitor or encountering a netlink conn error while Receive.
+// Caller may receive a MonitorEventTypeOOB event which contains an error we didn't
+// handle, for now.
+func (cc *Conn) AddMonitor(monitor *Monitor) (chan *MonitorEvent, error) {
+	conn, closer, err := cc.netlinkConn()
+	if err != nil {
+		return nil, err
+	}
+	monitor.conn = conn
+	monitor.closer = closer
+
+	if monitor.monitorFlags != 0 {
+		if err = conn.JoinGroup(uint32(unix.NFNLGRP_NFTABLES)); err != nil {
+			monitor.closer()
+			return nil, err
+		}
+	}
+
+	go monitor.monitor()
+	return monitor.eventCh, nil
+}
+
+func parseRuleFromMsg(msg netlink.Message) (*Rule, error) {
+	genmsg := &NFGenMsg{}
+	genmsg.Decode(msg.Data[:4])
+	return ruleFromMsg(TableFamily(genmsg.NFGenFamily), msg)
+}
diff --git a/monitor_test.go b/monitor_test.go
new file mode 100644
index 0000000..cd99b9d
--- /dev/null
+++ b/monitor_test.go
@@ -0,0 +1,118 @@
+package nftables_test
+
+import (
+	"fmt"
+	"net"
+	"sync"
+	"sync/atomic"
+	"testing"
+
+	"github.com/google/nftables"
+	"github.com/google/nftables/expr"
+	"github.com/google/nftables/internal/nftest"
+)
+
+func TestMonitor(t *testing.T) {
+	// Create a new network namespace to test these operations,
+	// and tear down the namespace at test completion.
+	c, newNS := nftest.OpenSystemConn(t, *enableSysTests)
+	defer nftest.CleanupSystemConn(t, newNS)
+	// Clear all rules at the beginning + end of the test.
+	c.FlushRuleset()
+	defer c.FlushRuleset()
+
+	// default to monitor all
+	monitor := nftables.NewMonitor()
+	events, err := c.AddMonitor(monitor)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer monitor.Close()
+
+	var gotTable *nftables.Table
+	var gotChain *nftables.Chain
+	var gotRule *nftables.Rule
+	wg := sync.WaitGroup{}
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		count := int32(0)
+		for {
+			select {
+			case event, ok := <-events:
+				if !ok {
+					return
+				}
+				if event.Error != nil {
+					err = fmt.Errorf("monitor err: %s", event.Error)
+					return
+				}
+				switch event.Type {
+				case nftables.MonitorEventTypeNewTable:
+					gotTable = event.Data.(*nftables.Table)
+					atomic.AddInt32(&count, 1)
+				case nftables.MonitorEventTypeNewChain:
+					gotChain = event.Data.(*nftables.Chain)
+					atomic.AddInt32(&count, 1)
+				case nftables.MonitorEventTypeNewRule:
+					gotRule = event.Data.(*nftables.Rule)
+					atomic.AddInt32(&count, 1)
+				}
+				if atomic.LoadInt32(&count) == 3 {
+					return
+				}
+			}
+		}
+	}()
+
+	nat := c.AddTable(&nftables.Table{
+		Family: nftables.TableFamilyIPv4,
+		Name:   "nat",
+	})
+
+	postrouting := c.AddChain(&nftables.Chain{
+		Name:     "postrouting",
+		Hooknum:  nftables.ChainHookPostrouting,
+		Priority: nftables.ChainPriorityNATSource,
+		Table:    nat,
+		Type:     nftables.ChainTypeNAT,
+	})
+
+	rule := c.AddRule(&nftables.Rule{
+		Table: nat,
+		Chain: postrouting,
+		Exprs: []expr.Any{
+			// payload load 4b @ network header + 12 => reg 1
+			&expr.Payload{
+				DestRegister: 1,
+				Base:         expr.PayloadBaseNetworkHeader,
+				Offset:       12,
+				Len:          4,
+			},
+			// cmp eq reg 1 0x0245a8c0
+			&expr.Cmp{
+				Op:       expr.CmpOpEq,
+				Register: 1,
+				Data:     net.ParseIP("192.168.69.2").To4(),
+			},
+
+			// masq
+			&expr.Masq{},
+		},
+	})
+
+	if err := c.Flush(); err != nil {
+		t.Fatal(err)
+	}
+	wg.Wait()
+	if gotTable.Family != nat.Family || gotTable.Name != nat.Name {
+		t.Fatal("no want table", gotTable.Family, gotTable.Name)
+	}
+	if gotChain.Type != postrouting.Type || gotChain.Name != postrouting.Name ||
+		*gotChain.Hooknum != *postrouting.Hooknum {
+		t.Fatal("no want chain", gotChain.Type, gotChain.Name, gotChain.Hooknum)
+	}
+	if len(gotRule.Exprs) != len(rule.Exprs) {
+		t.Fatal("no want rule")
+	}
+}
diff --git a/obj.go b/obj.go
index e975bb8..50f83f4 100644
--- a/obj.go
+++ b/obj.go
@@ -22,7 +22,10 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-var objHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWOBJ)
+var (
+	newObjHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWOBJ)
+	delObjHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELOBJ)
+)
 
 // Obj represents a netfilter stateful object. See also
 // https://wiki.nftables.org/wiki-nftables/index.php/Stateful_objects
@@ -125,8 +128,8 @@ func (cc *Conn) ResetObjects(t *Table) ([]Obj, error) {
 }
 
 func objFromMsg(msg netlink.Message) (Obj, error) {
-	if got, want := msg.Header.Type, objHeaderType; got != want {
-		return nil, fmt.Errorf("unexpected header type: got %v, want %v", got, want)
+	if got, want1, want2 := msg.Header.Type, newObjHeaderType, delObjHeaderType; got != want1 && got != want2 {
+		return nil, fmt.Errorf("unexpected header type: got %v, want %v or %v", got, want1, want2)
 	}
 	ad, err := netlink.NewAttributeDecoder(msg.Data[4:])
 	if err != nil {
diff --git a/rule.go b/rule.go
index 0ae9a53..8bcfda1 100644
--- a/rule.go
+++ b/rule.go
@@ -25,7 +25,10 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-var ruleHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWRULE)
+var (
+	newRuleHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWRULE)
+	delRuleHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELRULE)
+)
 
 type ruleOperation uint32
 
@@ -168,7 +171,7 @@ func (cc *Conn) newRule(r *Rule, op ruleOperation) *Rule {
 
 	cc.messages = append(cc.messages, netlink.Message{
 		Header: netlink.Header{
-			Type:  ruleHeaderType,
+			Type:  newRuleHeaderType,
 			Flags: flags,
 		},
 		Data: append(extraHeader(uint8(r.Table.Family), 0), msgData...),
@@ -215,7 +218,7 @@ func (cc *Conn) DelRule(r *Rule) error {
 
 	cc.messages = append(cc.messages, netlink.Message{
 		Header: netlink.Header{
-			Type:  netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELRULE),
+			Type:  delRuleHeaderType,
 			Flags: flags,
 		},
 		Data: append(extraHeader(uint8(r.Table.Family), 0), data...),
@@ -225,8 +228,8 @@ func (cc *Conn) DelRule(r *Rule) error {
 }
 
 func ruleFromMsg(fam TableFamily, msg netlink.Message) (*Rule, error) {
-	if got, want := msg.Header.Type, ruleHeaderType; got != want {
-		return nil, fmt.Errorf("unexpected header type: got %v, want %v", got, want)
+	if got, want1, want2 := msg.Header.Type, newRuleHeaderType, delRuleHeaderType; got != want1 && got != want2 {
+		return nil, fmt.Errorf("unexpected header type: got %v, want %v or %v", msg.Header.Type, want1, want2)
 	}
 	ad, err := netlink.NewAttributeDecoder(msg.Data[4:])
 	if err != nil {
diff --git a/set.go b/set.go
index c267659..192c619 100644
--- a/set.go
+++ b/set.go
@@ -684,11 +684,14 @@ func (cc *Conn) FlushSet(s *Set) {
 	})
 }
 
-var setHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWSET)
+var (
+	newSetHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWSET)
+	delSetHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELSET)
+)
 
 func setsFromMsg(msg netlink.Message) (*Set, error) {
-	if got, want := msg.Header.Type, setHeaderType; got != want {
-		return nil, fmt.Errorf("unexpected header type: got %v, want %v", got, want)
+	if got, want1, want2 := msg.Header.Type, newSetHeaderType, delSetHeaderType; got != want1 && got != want2 {
+		return nil, fmt.Errorf("unexpected header type: got %v, want %v or %v", got, want1, want2)
 	}
 	ad, err := netlink.NewAttributeDecoder(msg.Data[4:])
 	if err != nil {
@@ -762,11 +765,14 @@ func parseSetDatatype(magic uint32) (SetDatatype, error) {
 	return dt, nil
 }
 
-var elemHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWSETELEM)
+var (
+	newElemHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWSETELEM)
+	delElemHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELSETELEM)
+)
 
 func elementsFromMsg(fam byte, msg netlink.Message) ([]SetElement, error) {
-	if got, want := msg.Header.Type, elemHeaderType; got != want {
-		return nil, fmt.Errorf("unexpected header type: got %v, want %v", got, want)
+	if got, want1, want2 := msg.Header.Type, newElemHeaderType, delElemHeaderType; got != want1 && got != want2 {
+		return nil, fmt.Errorf("unexpected header type: got %v, want %v or %v", got, want1, want2)
 	}
 	ad, err := netlink.NewAttributeDecoder(msg.Data[4:])
 	if err != nil {
diff --git a/table.go b/table.go
index 24782ed..ff3b592 100644
--- a/table.go
+++ b/table.go
@@ -21,7 +21,10 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-var tableHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWTABLE)
+var (
+	newTableHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_NEWTABLE)
+	delTableHeaderType = netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELTABLE)
+)
 
 // TableFamily specifies the address family for this table.
 type TableFamily byte
@@ -150,8 +153,8 @@ func (cc *Conn) ListTablesOfFamily(family TableFamily) ([]*Table, error) {
 }
 
 func tableFromMsg(msg netlink.Message) (*Table, error) {
-	if got, want := msg.Header.Type, tableHeaderType; got != want {
-		return nil, fmt.Errorf("unexpected header type: got %v, want %v", got, want)
+	if got, want1, want2 := msg.Header.Type, newTableHeaderType, delTableHeaderType; got != want1 && got != want2 {
+		return nil, fmt.Errorf("unexpected header type: got %v, want %v or %v", got, want1, want2)
 	}
 
 	var t Table
diff --git a/util.go b/util.go
index de88807..b0576e7 100644
--- a/util.go
+++ b/util.go
@@ -15,6 +15,8 @@
 package nftables
 
 import (
+	"encoding/binary"
+
 	"github.com/google/nftables/binaryutil"
 	"golang.org/x/sys/unix"
 )
@@ -25,3 +27,20 @@ func extraHeader(family uint8, resID uint16) []byte {
 		unix.NFNETLINK_V0,
 	}, binaryutil.BigEndian.PutUint16(resID)...)
 }
+
+// General form of address family dependent message, see
+// https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nfnetlink.h#29
+type NFGenMsg struct {
+	NFGenFamily uint8
+	Version     uint8
+	ResourceID  uint16
+}
+
+func (genmsg *NFGenMsg) Decode(b []byte) {
+	if len(b) < 16 {
+		return
+	}
+	genmsg.NFGenFamily = b[0]
+	genmsg.Version = b[1]
+	genmsg.ResourceID = binary.BigEndian.Uint16(b[2:])
+}