Comment 2 for bug 112611

ok, in kernel config I found a line
# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
I've changed it to
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
and recompiled the kernel. For now 'iptables: No chain/target/match by that name' is not thrown, though I don't know yet whether connmark actually works ;).