As I mentioned,
/ip filter raw works more or less directly on packets without notion of connections.
Then at some intermediate moment, there comes connection tracking which is a quite expensive operation. However, stateful firewalls have to do it and firewall in ROS is a stateful one. If you don't need connection tracking, you can disable it.
And after that,
/ip firewall filter rules kick in. As I already wrote, when connection is tracked, it is possible to take some shortcuts. E.g. have a filter rule which allows all packets belonging to established connections and related connections. So we have single firewall filter rule which deals with vast majority of packets. Packets that are left have connection state either new (and we have to apply additional filter rules to determine whether we pass those packets or not), invalid (probably we want to drop those) or untracked (its up to particular config whether to pass those or not).
Keep in mind, that firewall filter rules are executed against packet in order as they are listed from top to bottom. So it's good to have filter rules which either pass or block most packets at the top of the list (on the other hand more specific rules have to precede more general rules which might trigger on same packets). So if we place the "accept established&related" rule to the top of rules, then vast majority of packets get matched only against a single rule matching connection state. It is not possible to construct such a rule in raw where connection states are not known (yet).
Remember: if packets, initiating new connection, are blocked/dropped, then such connection can never reach state "established" and further packets belonging to such blocked connection are then considered invalid - if connection initiator is not some malware, then further packets normally don't arrive.
And then there's the feature I wrote about: fast-track. It's a bit of magic what and how it works, but if used efficiently it reduces firewall resource consumption quite dramatically. It marks connections to bypass most of firewall and thus speeding up firewall processing a lot.
Probably it is not as fast as it would be with disabled connection tracking (fast-track can't work without connection tracking), but with disabled connection tracking firewall raw would have to deal witl just every packet passing router.
You may refer to
packet flow description ... it's heavy to read, but after one manages through it is good information.
BTW, it shows that connection tracking for ingress packets is done even before mangling, only raw prerouting is done earlier.