I'd like to hook the event at the KERNEL when the following command is executed:

iptables -A PREROUTING -t nat -i eth0 -j DNAT --to-destination

If I understood correctly iptable events handled by Netlink infrastructure.

I code a Kernel module to listen to Netlink socket as follows:

void klna_nl_data_ready(struct sock *sk, int bytes)

struct socket *my_socket;
struct sock nl_sock;

static int __init my_module_init(void)
sock_create_kern(AF_NETLINK , SOCK_RAW, NETLINK_NFLOG , &my_socket);
addr.nl_family = AF_NETLINK;
addr.nl_pid = 0;
addr.nl_groups = 0;
kernel_bind(my_socket, (struct sockaddr *)&addr, sizeof(addr));
/* set the socket up */
nl_sock = my_socket->sk;
nl_sock->sk_data_ready = nl_data_ready;
nl_sock->sk_allocation = GFP_ATOMIC


I'd appreciate your help