nfmark & conntrack

[Henrik Nordstrom]

Is it somehow possible to combine nfmark and conntrack to have packets
belonging to certain sessions marked with a specific mark?

I know that it is possible to mark packets on the criteria that they
belong to any session, but what I want is to have the packets in a
session marked depending on how the session was accepted.

If not, where it the most appropriate place to implement such a thing? I
would gess implementing it in the core connection tracking module is the
easies approach (init_conntrack and ip_conntrack_in?), but is it the
correct place for such a thing? It is a fundamental feature that should
apply to any tracked connection, including ones with helpers, not really
specific to a protocol or application.

--
Henrik Nordstrom