Some questions about "-set-xmark" in iptables

5

I have a rule as following:

-A PREROUTING -d 10.228.20.15/32 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j MARK --set-xmark 0x70/0xffffffff

The man doc explains --set-xmark as below:

Zero out the bits given by mask and XOR value into the ctmark.

English is not my native language. Could anyone help to explain what value would be set into ctmark? What does "zero out" mean? An example would be appreciated.

linux
iptables
netfilter
asked on Stack Overflow Feb 25, 2014 by harlan • edited Feb 25, 2014 by Mike

1 Answer

7

So the syntax is --set-xmark value/mask. The resulting operation is:

ctmark = (ctmark AND NOT mask) XOR value

Zero-out corresponds to (ctmark AND NOT mask): if a bit in mask is set, then the corresponding bit in ctmark will be zero (before the XOR).

The man page also states:

--and-mark bits
    Binary AND the  ctmark  with  bits.  (Mnemonic  for  --set-xmark
    0/invbits, where invbits is the binary negation of bits.)

--or-mark bits
    Binary  OR  the  ctmark  with  bits.  (Mnemonic  for --set-xmark
    bits/bits.)

--xor-mark bits
    Binary XOR the  ctmark  with  bits.  (Mnemonic  for  --set-xmark
    bits/0.)

You can validate the operation above against those definitions:

--and-mark bits == --set-xmark 0/invbits
     ctmark AND bits = (ctmark AND NOT invbits) XOR 0
     -> bits = NOT invbits
     -> anything XOR 0 = anything
     so: ctmark AND bits = ctmark AND NOT NOT bits = ctmark AND bits

--or-mark bits == --set-xmark bits/bits
     ctmark OR bits = (ctmark AND NOT bits) XOR bits
     -> should be obvious based on boolean logic

--xor-mark bits == --set-xmark bits/0
     ctmark XOR bits = (ctmark AND NOT 0) XOR bits
     -> anything AND NOT 0 = anything
answered on Stack Overflow Feb 25, 2014 by isedev • edited Feb 25, 2014 by isedev
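The formula in the answer, `ctmark = (ctmark AND NOT mask) XOR value`, is easy to check by modelling the mark as a 32-bit integer. The following is an added example, not code from the question, the answer or the netfilter project: `set_xmark` implements the operation, the three helpers implement the man-page mnemonics on top of it, and `check_mnemonics` confirms they agree with plain AND/OR/XOR on constructed sample marks. It also shows what the asker's rule (`0x70/0xffffffff`) does to a packet that already carries a mark, and how a narrower mask such as `0x70/0xff` differs.

```python
# Added example (not from the original question or answer): model the
# --set-xmark value/mask operation on a 32-bit mark and check the
# --and-mark / --or-mark / --xor-mark mnemonics quoted from the man page.

MASK32 = 0xFFFFFFFF  # marks are 32-bit; keep Python ints in that range


def set_xmark(mark: int, value: int, mask: int) -> int:
    """ctmark = (ctmark AND NOT mask) XOR value, on a 32-bit mark.

    "Zero out" is the (mark AND NOT mask) step: every bit that is set in
    mask is cleared before value is XORed in.
    """
    return ((mark & ~mask & MASK32) ^ value) & MASK32


def and_mark(mark: int, bits: int) -> int:
    # --and-mark bits == --set-xmark 0/invbits, where invbits = NOT bits
    return set_xmark(mark, 0, ~bits & MASK32)


def or_mark(mark: int, bits: int) -> int:
    # --or-mark bits == --set-xmark bits/bits
    return set_xmark(mark, bits, bits)


def xor_mark(mark: int, bits: int) -> int:
    # --xor-mark bits == --set-xmark bits/0
    return set_xmark(mark, bits, 0)


def check_mnemonics(samples) -> bool:
    """Return True if every mnemonic matches the plain bitwise operator
    for each (mark, bits) pair in samples."""
    for mark, bits in samples:
        if and_mark(mark, bits) != (mark & bits):
            return False
        if or_mark(mark, bits) != (mark | bits):
            return False
        if xor_mark(mark, bits) != (mark ^ bits):
            return False
    return True


# Constructed sample (mark, bits) pairs; not values from the page.
SAMPLES = [
    (0x00000000, 0x70),
    (0xDEADBEEF, 0x70),
    (0xFFFFFFFF, 0x0F),
    (0x12345678, 0xF0F0F0F0),
]

if __name__ == "__main__":
    # The rule in the question: --set-xmark 0x70/0xffffffff. The mask covers
    # every bit, so the previous mark is cleared completely and the result
    # is exactly 0x70 whatever the packet carried before.
    for before in (0x00000000, 0xDEADBEEF, 0xFFFFFFFF):
        after = set_xmark(before, 0x70, 0xFFFFFFFF)
        print(f"0x70/0xffffffff: {before:#010x} -> {after:#010x}")
    # A narrower mask keeps the bits outside it: 0x70/0xff rewrites only
    # the low byte and leaves the upper 24 bits untouched.
    after = set_xmark(0xDEADBEEF, 0x70, 0xFF)
    print(f"0x70/0xff:       {0xDEADBEEF:#010x} -> {after:#010x}")
    print("mnemonics consistent with AND/OR/XOR:", check_mnemonics(SAMPLES))
```

The full-mask form is the one to use when a rule must assign a mark unconditionally; a partial mask is what lets several rules share one mark word, each owning its own bit range, without clobbering each other.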

User contributions licensed under CC BY-SA 3.0