Hello. I did some additional investigations: it looks that what I'm looking for can be accomplished with the call to nf_ct_l3proto_try_module_get But this looks valid only for some 4.x kernel versions. From more recent versions it looks this has been removed. Anyone can point me to how to approach this on newer kernels? Thanks so much Il giorno ven 8 mag 2020 alle ore 10:10 b38911 Zxc <b38911@xxxxxxxxx> ha scritto: > > I have a doubt on the correct usage of the conntrack func "nf_ct_get". > > I'm calling it in this way in my netfilter, to track UDP traffic: > > -----<Code snippet>----- > > ct = nf_ct_get(skb, &ctinfo); > if (ct == NULL) > ... > > -----<Code snippet>----- > > On some systems it just work. In some others I get the result as NULL > until I do something like > > # iptables -A OUTPUT -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT > > I understand that this is due to some module missing. My question is: > is this the only way to do it? > Can I force this programmatically (or by loading/registering specific modules)? > If I'm not wrong, the modules insertion is not enough to get this > working, an additional action is required. > Thanks a lot for your help! > > CC
