But i can't see any traffic in accept rule for connection-mark=!no-mark.
Why?
Because your
chain=pktmark works well and does not leave any packets unhandled
That
action=accept rule was there just to catch packets for which the translation of
connection-mark to
packet-mark did not happen for any reason in the
chain=pktmark and not let them get further. However,
Any comments for the new configuration?
yes, there is an important one related to the above - as you have added
out-interface=pppoe to the first two rules as compared to my suggestion, all packets in the download direction do pass through all the connection-marking rules followed by passing through all the
chain=pktmark rules, because neither of the first two rules matches on them (as they have a
connection-mark assigned but don't have
out-interface=pppoe). So if you don't want to enqueue download packets, remove the
out-interface=pppoe from the accept rule with
connection-mark=!no-mark, so it will accept all download packets belonging to already marked connections and thus will not let them pass all the connection-marking rules (as doing so generates an unnecessary CPU load). So all download packets (except the initial ones of connections initiated from WAN side which probably don't exist) will be handled by just two rules - the first one which won't match on them, and the second one which will accept them. In my initial suggestion, the first rule in the chain=connmark2pktmark was responsible for the same, but it caused the upload packets to pass through that one extra rule, so the way described just above is more efficient.
Other than that, it seems fine to me. So if after implementing the change above you still experience RTP packet loss, there is no more optimisation I could suggest.