So, as far as I understand, on ingress, nfc-* keys have never worked? About extending cls_flow.c, unfortunately I don't have experience with coding kernel modules. 03.12.2015, 11:19, "Florian Westphal" <fw@xxxxxxxxx>: > Гаврилов Игорь <iggorok@xxxxxxxxx> wrote: >> So this problem not related to my setup. Seems that it occurs for a long time. Is there any possibility to fix this, and what is the reason of such behavior. > > conntrack is hooked into the ip stack, > thats after the ingress hook. > > So by time cls_flow is called in ingress > conntrack was not yet invoked. > > You would need to extend cls_flow to do a conntrack lookup. > (similar to act_connmark.c) -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
