Netfilter is framework which provides a series of hooks at various points in a networking protocol stack, as shown in Figure 4.1. The Netfilter sub-system provides packets at each of these hooks in the sk_buff data structure [12].
sk_buff is a control structure with a block of memory attached. The primary goal of sk_buff data structure and associated routines is to provide a consistent and efficient buffer handling mechanism for all the network layers.
