On Sun, 21 Nov 2004, cranium2003 wrote:

Also,which headers are added when packet
reaches to netfilter hook NF_IP_LOCAL_OUT? I found
TCP/UDP/ICMP ,IP. Is that correct?

Yes.

netfilter is running at the IP layer and only reliably have access to IP 
headers and up. Lower level headers such as Ethernet MAC header is 
transport dependent and not always available, and certainly not available 
in NF_IP_LOCAL_OUT as it is not yet known the packet will be sent to an 
Ethernet.

In some netfilter hooks it is possible to rewind back to the Ethernet MAC 
header but one must be careful to verify that it really is an Ethernet 
packet one is looking at when doing this. Unfortunately there is no 
perfect solution how to detect this.. For an example of how one may try to 
look at the Ethernet MAC header see ipt_mac.c. But be warned that it is 
possible for non-Ethernet frames to pass the simple checks done there..

Regards
Henrik