I have 2 WAN links.

WAN1 => set mark 1
WAN2 => set mark 2

I see that it can do Load Balancing and shares the lines with a probability of 0.5. When I print packet.Mark, I see that requests are coming through 1 and 2. I want to set the Mark as 1 like in the code below and only direct traffic through WAN1. However, I can't achieve this as output. What is the mistake? Thanks for your answer.

func ReadPacketDataNFQUEUE(queueNum uint16){
	nfq, err := netfilter.NewNFQueue(queueNum, 16384, netfilter.NF_DEFAULT_PACKET_SIZE)
    if err != nil {
    	fmt.Println(err)
        return
    }
    defer nfq.Close()
    for packet := range nfq.GetPackets() {
    	mark:=uint32(packet.Mark)
    	mark = 1
    	packet.Mark = mark
    	packet.SetVerdictMark(netfilter.NF_ACCEPT,mark)
}

I am on an Ubuntu 18.04 LTS, using libnetfilter 1.0.2 package.
When trying to compile, I get the following error:

error: 'uintptr_t' undeclared (first use in this function); did you mean 'intptr_t'?

An error occurs when libnetfilter-queue-dev(1.0.5-2) is installed：

pkg-config --cflags -- libnetfilter_queue

Package libnetfilter_queue was not found in the pkg-config search path.
Perhaps you should add the directory containing `libnetfilter_queue.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libnetfilter_queue' found
pkg-config: exit status 1

zxx@zxx-System : go run *.go

go build github.com/AkihiroSuda/go-netfilter-queue: build constraints exclude all Go files in /home/zxx/Go/work/src/github.com/AkihiroSuda/go-netfilter-queue

I have the following example, which tries to redirect my pings to 8.8.8.8 address instead of the original request:

package main

import (
	"fmt"
	"net"
	"os"

	"github.com/AkihiroSuda/go-netfilter-queue"
	"github.com/google/gopacket/layers"
)

func main() {
	var err error

	nfq, err := netfilter.NewNFQueue(0, 100, netfilter.NF_DEFAULT_PACKET_SIZE)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	defer nfq.Close()
	packets := nfq.GetPackets()

	for true {
		select {
		case p := <-packets:
			fmt.Println(p.Packet)

			p.Packet.NetworkLayer().(*layers.IPv4).DstIP = net.IPv4(8, 8, 8, 8)

			fmt.Println("new ->", p.Packet)

			p.SetVerdictWithPacket(netfilter.NF_ACCEPT, p.Packet.Data())
		}
	}
}

I think from the logs, that it doesn't work, since even if I change the IP to a bad address instead I still get a response in ping CLI, where am I doing it wrong?

I used sudo iptables -A OUTPUT -p icmp -j NFQUEUE to setup the queue.

Please tell me why when measuring speed with a slash, packets are often discarded? "" Dropping, unexpectedly due to no recv ", what does it depend on? I am assuming that the program processing speed in user space?

nfq.packets = make(chan NFPacket)when nfq.packets is initialization，it should have buffer.If it doesn't have buffer,when some package come at the same time,it will drop them a lot.

There should be chance that nfq.idx of queues collide with each other.

when I call the SetVerdictWithPacket function, it didnt work normally and system hang up with cpu usage 100%, And I also found that the function go_callback you defined in netfilter.go doest use anywhere, is this normal?