From mboxrd@z Thu Jan 1 00:00:00 1970
From: Florian Westphal
Date: Thu, 03 Dec 2015 09:19:38 +0000
Subject: Re: Problem with cls_flow nfct-* keys
Message-Id: <20151203091938.GA14358@breakpoint.cc>
List-Id:
References: <3419281448878074@web15j.yandex.ru>
In-Reply-To: <3419281448878074@web15j.yandex.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
To: lartc@vger.kernel.org

Гаврилов Игорь wrote:
> So this problem is not related to my setup. It seems that it has been occurring for a long time. Is there any possibility to fix this, and what is the reason for such behavior?

conntrack is hooked into the IP stack, that's after the ingress hook.
So by the time cls_flow is called in ingress, conntrack was not yet invoked.

You would need to extend cls_flow to do a conntrack lookup
(similar to act_connmark.c).