Open cdhowie opened 1 year ago
Packet marking does not seem to work over a Nebula network. I am also trying to have a policy-based routing setup to route back through the originating gateway. Is this something that can be fixed in settings, or is it a specific feature?
It would be extremely helpful in my scenario to have nebula set a configurable fwmark on clearnet traffic. This is a feature supported by OpenVPN and WireGuard out of the box, and allows application of routing rules based on the origin of the traffic.
For example, the default routing table could be used to direct all traffic to another nebula host, but this would create a routing loop when nebula transmits the corresponding clearnet traffic. Marking the generated clearnet traffic allows a separate routing table to be used for it, escaping the loop.
In theory, this should be as simple as calling `setsockopt` with `SO_MARK` and a user-supplied mark value on all clearnet sockets, though I will readily admit that reality is probably not so simple.
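An added example, not part of the original issue and not Nebula's code: a Linux-only Go sketch of the `setsockopt`/`SO_MARK` call the request describes, applied to a UDP socket before bind and read back from the kernel. The function names, the mark `0x4e42` and routing table `100` are constructed for illustration; setting `SO_MARK` requires `CAP_NET_ADMIN`, so the privilege failure is handled explicitly.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"syscall"
)

// markedUDPListener (hypothetical helper) opens a UDP socket and sets SO_MARK
// before bind, so every datagram it sends carries the fwmark. It returns the
// mark read back from the kernel. Constructed policy routing it pairs with:
//   ip rule add fwmark 0x4e42 lookup 100
//   ip route add default via <clearnet gateway> table 100
func markedUDPListener(addr string, mark int) (net.PacketConn, int, error) {
	readBack := 0
	lc := net.ListenConfig{
		Control: func(network, address string, c syscall.RawConn) error {
			var sockErr error
			if err := c.Control(func(fd uintptr) {
				sockErr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, mark)
				if sockErr == nil {
					readBack, sockErr = syscall.GetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK)
				}
			}); err != nil {
				return err
			}
			return sockErr // a non-nil error aborts socket creation
		},
	}
	conn, err := lc.ListenPacket(context.Background(), "udp4", addr)
	if err != nil {
		return nil, 0, err
	}
	return conn, readBack, nil
}

// isPrivilegeError reports whether the kernel refused the call for lack of privilege.
func isPrivilegeError(err error) bool {
	return errors.Is(err, syscall.EPERM) || errors.Is(err, syscall.EACCES)
}

func main() {
	conn, got, err := markedUDPListener("127.0.0.1:0", 0x4e42)
	if err != nil {
		fmt.Println("could not mark socket:", err, "privilege problem:", isPrivilegeError(err))
		return
	}
	defer conn.Close()
	fmt.Printf("socket %s carries fwmark %#x\n", conn.LocalAddr(), got)
}
```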