First we take every second packet that establishes a new session (note connection-state=new) and mark it with the connection mark “odd”. Consequently, all successive packets belonging to the same session will carry the connection mark “odd”. Note that we are passing these packets to the second rule (passthrough=yes) to place a routing mark on these packets in addition to the connection mark.
Q1)
“Consequently all successive packets…”
How does ROS know that a previous packet was marked with, e.g., mark=odd, and mark all other packets in the same connection with the same mark?
Q2)
“Note that we are passing these packets to the second rule…”
Why not just place the routing mark directly? Why first a connection mark and then a routing mark? I see that the NAT later on uses connection-mark, but why not just use routing-mark in the NAT, as the route table part does?
If someone can help me understand why, I’ll be very thankful.
Ekkas
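The mechanism behind the quoted wiki passage, as an added editorial example (not part of Ekkas's post and not the wiki's own listing): a connection mark is stored in the connection-tracking entry, so once the first packet of a session is marked, every later packet is matched to that entry and already carries the mark when it reaches the mangle chain. A routing mark, by contrast, is a property of the individual packet and is not remembered between packets, which is why it is derived from the connection mark on every packet rather than set once. The listing below uses RouterOS 6 syntax; the interface name LAN, the WAN subnets 10.111.0.0/24 and 10.112.0.0/24, and the addresses 10.111.0.1/.2 and 10.112.0.1/.2 are assumptions for illustration.

```routeros
# Added example (not from the original post or the MikroTik wiki): nth-based
# load balancing of new connections over two uplinks, RouterOS 6 syntax.
# Interface name LAN and all 10.111.0.x / 10.112.0.x addresses are assumed.
/ip firewall mangle
# Traffic for the router itself or for the uplink subnets must stay in the
# main routing table, so it is accepted before any mark is applied.
add chain=prerouting in-interface=LAN dst-address-type=local action=accept
add chain=prerouting in-interface=LAN dst-address=10.111.0.0/24 action=accept
add chain=prerouting in-interface=LAN dst-address=10.112.0.0/24 action=accept
# Rule 1: every second packet that opens a NEW connection is marked "odd".
# The mark is written into the connection-tracking entry, so all later
# packets of that connection arrive here already carrying "odd".
# passthrough=yes lets this first packet continue to rule 2 as well.
add chain=prerouting in-interface=LAN connection-state=new nth=2,1 \
    action=mark-connection new-connection-mark=odd passthrough=yes
# Rule 2: the routing mark exists on the packet only, so it is re-derived
# from the persistent connection mark for the first and every later packet.
add chain=prerouting in-interface=LAN connection-mark=odd \
    action=mark-routing new-routing-mark=odd passthrough=no
# Every new connection that rule 1 did not claim becomes the "even" half.
add chain=prerouting in-interface=LAN connection-state=new connection-mark=no-mark \
    action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting in-interface=LAN connection-mark=even \
    action=mark-routing new-routing-mark=even passthrough=no

/ip firewall nat
# Source NAT is keyed on the connection mark, which is stored with the
# connection, so one session keeps the same public address for its lifetime.
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2

/ip route
# Policy routes are selected by the per-packet routing mark.
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=odd check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=even check-gateway=ping
# Default route for unmarked traffic, e.g. the router's own connections.
add dst-address=0.0.0.0/0 gateway=10.111.0.1
```

To check that the connection mark really is carried by the connection rather than re-decided per packet, open a few connections from the LAN and run `/ip firewall connection print where connection-mark=odd`: each entry keeps its mark for as long as it is tracked, while `/ip firewall mangle print stats` shows the mark-routing rules counting every packet of those connections, not just the first one. The early `accept` rules matter for safety: without them, packets from the LAN addressed to the router itself would pick up a routing mark and be looked up in a table whose only route is a default via an uplink.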