the problem is that with a active RTP flow arriving to the box (tcpdumpI am just adding another "suspect" here. The tcpdump (which is using libpcap) might be operating at layer 2 (data link?), while netfilter operates in layer 3. Since this is just "sniffing", layer 2 of Linux network stack quickly revealed that this packet is not actually for your machine, so it it dropped.
can see it) my function doesn't get any packet.
however, when the same box that is capturing also participates in the
RTP flow, it's received correctly in the hook.
so, why is not working the promiscuous mode? i'm missing something?