ons 2012-03-21 klockan 12:32 +1300 skrev Amos Jeffries: > The UDS packets comes to mind, but that is a different PF_* family > type. I stopped looking at that point. > > It could be the packet MARK lookups which are done through > libnetfilter-*. I have very little idea how that library works > internally.
Packet MARK or connection MARK? Packet MARK should be available via normal getsockopt, if at all.. connection MARK needs a netfilter netlink request via libnetfilter-conntrack. Regards Henrik who incidently happens to be original author of netfilter CONNMARK some generations ago, long before there was netlink support for querying conntrack like this
