I have a rule to mark packets whenever a packet with the DSCP value 14 is received but this filter is never being hit. I have verified via wireshark that the packets going out have the proper value for DSCP.
chain=postrouting action=mark-connection new-connection-mark=AF13 passthrough=yes out-interface=XXXXX dscp=14
The counters show that this filter rule is never hit. I have a subsequent filter rule that matches the destination IP address that is getting hit and is working.
Any idea why a mangle rule to match on dscp doesn't match dscp?