with my test I get this working without IPv4 :
sysctl net.bridge.bridge-nf-call-iptables=1
sysctl net.bridge.bridge-nf-call-ip6tables=1
root@monitor:~# bridge vlan
port vlan ids
lan1 1 PVID Egress Untagged
lan0 1 PVID Egress Untagged
br-lan 1 PVID Egress Untagged
root@monitor:~# echo "1"> /sys/class/net/br-lan/bridge/nf_call_iptables
root@monitor:~# cat /sys/class/net/br-lan/bridge/nf_call_iptables
1
and then with a VLAN added to one of the bridge device, I get more verbose tcpdump;
root@monitor:~# bridge vlan add vid 100 dev lan0 pvid untagged
root@monitor:~# bridge vlan
port vlan ids
lan1 1 PVID Egress Untagged
lan0 1 Egress Untagged
100 PVID Egress Untagged
br-lan 1 PVID Egress Untagged
root@monitor:~#
May be conntrack is useless on a bridge and I have to get NFLOG instead of NFCT ?