ip_conntrack_tuple and marks

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Fri Sep 22 22:33:45 CEST 2006


Hi,

Is it possible to add an nfmark field to ip_conntrack_tuple
so that only packets with a certain mark set are matched to
a connection? I'm trying to filter/nat multiple independent
connections with the same ip/proto/port tuples on both sides
and the only distinguishing property of the different
connections is their nfmark. Using NOTRACK doesn't help
because it can only exclude packets from tracking, not
match packets to different expectations.

At first sight, it seems possible to only change a few lines
of code (expectation comparison and setup), but I fear there
might be a lot more to consider.

Any pointers to docs/patches/etc. are appreciated.

Regards,
Carl-Daniel
-- 
http://www.hailfinger.org/




More information about the netfilter-devel mailing list