help with netfilter hook module

[Shirley Wang]

Hello all,

I'm writing a kernel module that registers itself as a netfilter hook.  The
purpose is to insert some delay *after* the packet has been through the
reverse NAT translation (i.e. I have to see the private network address).

Here is how I defined the nf_hook_ops structure:

static struct nf_hook_ops rcv_pkt_munge_ops =
{
  { NULL, NULL},
  test_pkt_munge,
  PF_INET,
  NF_IP_LOCAL_IN,
  NF_IP_PRI_LAST
};

static unsigned int
test_pkt_munge(unsigned int hook,                /* should be NF_IP_LOCAL_IN
*/
              struct sk_buff **pskb,            /* double-ptr to packet
content */
              const struct net_device *indev,   /* ptr to input device */
              const struct net_device *outdev,  /* should be NULL */
              int (*okfn)(struct sk_buff *))    /* to be called only for
fragmentation */
{
	if (delay_pkt(*psb)) {
		// how to hand off the packet???
	} else {
		return NF_ACCEPT;
	}
}

My questions are:

(1) I'm doing some packet buffering in delay_pkt().  How do I hand off the
packet once I'm ready to send?  Can I save a pointer to okfn and call it
later like this?

	saved_func_ptr = okfn;
	// later...
	(*saved_func_ptr)(*pskb)

[PS I tries this but things failed nastily, which makes me wonder if I'm
doing this right...]

(2) I want to see the packet after conntrack, but I cannot find its priority
number, so I'm using NF_IP_PRI_LAST.  Is that ok?

Any help would be appreciated!

Shirley