Hi Pablo, Did you follow the email thread https://www.spinics.net/lists/netfilter/msg60278.html? In summary, OP asked: > Good morning! I am using the nf-queue.c example from > libnetfilter_queue repo. In the queue_cb() function, I am trying to > get the conntrack info but this condition is always false. > > if(attr[NFQA_CT]) > > I can see the flow in conntrack -L output. Anyone know what I am > missing? Appreciate your help! and Florian replied: > IIRC you need to set NFQA_CFG_F_CONNTRACK in NFQA_CFG_FLAGS when setting > up the queue. The example only sets F_GSO, so no conntrack info is > added. My question is, where should all this have been documented? `man nfq_set_queue_flags` documents NFQA_CFG_F_CONNTRACK, but nfq_set_queue_flags() is deprecated and OP was not using it. The modern approach is to code > mnl_attr_put_u32(nlh, NFQA_CFG_MASK, htonl(NFQA_CFG_F_GSO)); NFQA_CFG_MASK is supplied by a libnetfilter_queue header, while mnl_attr_put_u32() is a libmnl function. What to do? Cheers ... Duncan.
