Hi everybody,
I have to write a module for matching extending the netfilter but I'm facing some problems can somebody guide me in that. I know that I need to write matching module working in kernel space and a program in userspace. I went through the HOWTO on netfilter-hacking but faced following problems :
1. In kernel module how is match function different from checkentry function (I got this confusion because a 0 return in checkentry and setting hotdrop to 1 seemed to do same thing). Please explain the meaning of each function elaborately.

2. As described in the HOWTO there is a structure in header file iptables.h that I need for program in userspace but I'm not able to locate this headerfile where can I find it.

If possible please send me an example of any module with both the kernel module and program for taking user input in userspace.

Thanks in advance.