I'm marking all packets in mangle section to get a decent QoS. One of my mangle rules should detect any new connection:

add action=jump chain=forward connection-state=new jump-target=forward-new

And inside the forward-new chain I mark all connections with different marks.

However, the above rule seems to overlook some valid new connections, including TCP, is there a reason for this?
First, do I even understand correctly that any new connection will have connection-state at least first time when seen by mangle processor?
Or, if it isn't possible, any idea what should I check?

Hi

all new connection passing through the firewall will be selected by this rule, as long as these aren't processed somewhere before.

What will not be processed by this rule is all new connections to the firewall itself (chain=input) or originating from the firewall (chain=output)

Yes!
I've marked (and eaten) some packets in a rule above mentioned one.
Thanks.