Thanks Florian. I added that flag, no dice.
If I run the libmnl dump example, it successfully prints all conntrack entries. I would assume all the conntrack related kernel modules are loaded. I am on 4.1 kernel. I could be missing something.

On Tue, Jun 29, 2021 at 12:38 AM Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Psyspy 22 <psyspy2020@xxxxxxxxx> wrote:
> > Hello Duncan,
> >
> > I actually need connmark and other conntrack fields like secmark etc.
> > I think attr[NFQA_CT] is the correct way to access it but it's empty
> > in my case.
> > The libnetfilter_queue example sets connmark but doesn't show a way to
> > get connmark from the packet.
>
> IIRC you need to set NFQA_CFG_F_CONNTRACK in NFQA_CFG_FLAGS when setting
> up the queue. The example only sets F_GSO, so no conntrack info is
> added.
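
Added example, not part of the thread or of libnetfilter_queue: when the kernel does attach NFQA_CT to a queued packet message (which, per the quoted reply, requires NFQA_CFG_F_CONNTRACK), the connmark is the CTA_MARK attribute nested inside it. The parser below walks the raw netlink attributes using only the kernel UAPI headers and reports a missing or truncated NFQA_CT instead of reading past it; the `sample` bytes are constructed, and `find_attr` and `get_connmark` are names chosen here.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink_queue.h>
#include <linux/netfilter/nfnetlink_conntrack.h>

/* Payload of the first attribute of `type`, or NULL if absent or truncated. */
static const uint8_t *find_attr(const uint8_t *buf, size_t len, uint16_t type, size_t *plen)
{
    struct nlattr a;
    for (size_t step = 0; len >= NLA_HDRLEN; buf += step, len -= step) {
        memcpy(&a, buf, sizeof a);                   /* buffer may be unaligned */
        if (a.nla_len < NLA_HDRLEN || a.nla_len > len)
            return NULL;                             /* length field runs past the data */
        if ((a.nla_type & NLA_TYPE_MASK) == type) {  /* ignore the NLA_F_NESTED bit */
            *plen = a.nla_len - NLA_HDRLEN;
            return buf + NLA_HDRLEN;
        }
        step = NLA_ALIGN(a.nla_len) < len ? NLA_ALIGN(a.nla_len) : len;
    }
    return NULL;
}

/* 0 and the connmark (host order), or -1 if the message carries no NFQA_CT/CTA_MARK. */
int get_connmark(const uint8_t *attrs, size_t len, uint32_t *mark)
{
    size_t ctlen, mlen;
    uint32_t be;
    const uint8_t *ct = find_attr(attrs, len, NFQA_CT, &ctlen);
    const uint8_t *m = ct ? find_attr(ct, ctlen, CTA_MARK, &mlen) : NULL;
    if (!m || mlen != sizeof be)
        return -1;
    memcpy(&be, m, sizeof be);                       /* ctnetlink sends it big-endian */
    *mark = ntohl(be);
    return 0;
}

/* Constructed sample attributes: NFQA_MARK = 0, then NFQA_CT nesting CTA_MARK = 0x2a. */
const struct {
    struct nlattr mark_h; uint8_t mark[4];
    struct nlattr ct_h;
    struct nlattr cta_h;  uint8_t connmark[4];
} sample = {
    { NLA_HDRLEN + 4, NFQA_MARK }, { 0, 0, 0, 0 },
    { 2 * NLA_HDRLEN + 4, NFQA_CT | NLA_F_NESTED },
    { NLA_HDRLEN + 4, CTA_MARK }, { 0, 0, 0, 0x2a },
};
```

A return of -1 on a real packet message means the kernel attached no conntrack data at all, which separates a queue-configuration problem from a parsing one.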