I have been using Henrik Nordstrom's CONNMARK patch on a production system since May last year very successfully. It works very well and allows you to mark individual connections with a mark that can later be restored on other packets related to the same connection and then used for routing. I use it on our external router which is attached to two different ISPs to route reply packets back to the ISP from whence the connection originated - very useful.
So, why is CONNMARK still not included in Patch-o-matic? Is there a more up-to-date version of the patch than the one which was originally posted to the netfilter development list? There was one simple bug in this original version which I fixed by hand and I would be interested to see any new versions of the same patch. Many thanks, Rupert.
