> >> So that we can parse /proc/net/nf_conntrack to list open connections for
> >> a VM.
>
> I'm not sure, but I think you don't have interfaces listed in nf_conntrack,
> only ip src, ip dst.

That is why I want to set ctmark with iptables (that is listed in /proc/net/nf_conntrack).
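
As an added example (not part of the original mail and not the project's code): a Python parser for the approach discussed above, reading entries in /proc/net/nf_conntrack format and grouping them by their `mark=` field. The sample lines are constructed, and the assumption that each VM's traffic carries its own connmark (here 101 and 102) is hypothetical.

```python
from collections import defaultdict

# Constructed sample in /proc/net/nf_conntrack format. Marks 101 and 102 are
# assumed to have been set per VM by an iptables CONNMARK rule (hypothetical IDs).
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51234 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] mark=101 zone=0 use=2
ipv4     2 udp      17 29 src=192.0.2.11 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.11 sport=53 dport=40000 mark=102 zone=0 use=2
ipv4     2 tcp      6 119 TIME_WAIT src=192.0.2.10 dst=203.0.113.7 sport=51300 dport=443 src=203.0.113.7 dst=192.0.2.10 sport=443 dport=51300 [ASSURED] mark=101 zone=0 use=2
ipv4     2 icmp     1 29 src=192.0.2.1 dst=192.0.2.2 type=8 code=0 id=7 src=192.0.2.2 dst=192.0.2.1 type=0 code=0 id=7 mark=0 zone=0 use=2
garbage line without enough fields
"""

META_KEYS = {"mark", "zone", "use"}

def parse_line(line):
    """Parse one conntrack line; return None when it is malformed."""
    tok = line.split()
    if len(tok) < 6 or not (tok[1].isdigit() and tok[3].isdigit() and tok[4].isdigit()):
        return None
    entry = {"proto": tok[2], "timeout": int(tok[4]), "state": None,
             "flags": [], "orig": {}, "reply": {}, "mark": None}
    rest = tok[5:]
    # Only some protocols (e.g. TCP) print a state word before the tuples.
    if "=" not in rest[0] and not rest[0].startswith("["):
        entry["state"] = rest.pop(0)
    for t in rest:
        if t.startswith("["):
            entry["flags"].append(t.strip("[]"))
        elif "=" in t:
            key, val = t.split("=", 1)
            if key in META_KEYS:
                entry[key] = int(val) if val.isdigit() else val
            else:
                # First occurrence of a key is the original direction,
                # the second occurrence is the reply direction.
                side = "reply" if key in entry["orig"] else "orig"
                entry[side][key] = val
    return entry

def connections_by_mark(text):
    """Group entries by connmark, skipping unmarked (0 or absent) ones."""
    groups = defaultdict(list)
    for line in text.splitlines():
        e = parse_line(line)
        if e and e["mark"]:
            groups[e["mark"]].append(e)
    return dict(groups)
```

On a live host, pass the contents of /proc/net/nf_conntrack to `connections_by_mark` instead of `SAMPLE`; reading that file requires root.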