The short version is that the conntrack entry has 2 sub-entries, one for the 'original' direction of a flow and one for the 'reply' direction of the flow. Both of those sub-entries are linked to the conntrack meta-data such as conntrack mark.
https://thermalcircle.de/doku.php?id=blog:linux:connection_tracking_1_modules_and_hooks goes into more depth than my mind can cope with.