Hello, I am able to obtain a socket reference by doing a socket look-up in the xt_socket module.After this somehow the following code gets hit if (wildcard || !transparent){ printk(KERN_INFO "Inside not transparent or wildcard xt_socket"); sk = NULL; } I am sure the socket is transparent so I am assuming it satisfies the wildcard case here. socket match: proto 132 0aff0d8c:40480 -> 0aff0d9e:3127 (orig 0aff0d9e:3127) sock (null) sk gets set to null.Can you please tell me how to resolve this? What is the flow of the TPROXY module?My understanding is as follows -When a packet comes first it hits xt_socket -When this fails it hits xt_TPROXY I am able to get this trace from xt_TPROXY when I specify a port number in the TPROXY rule. iptables -t mangle -A PREROUTING -p sctp -i bond0.110 --*dport 1500* -j TPROXY --tproxy-mark 1 --on-port 3127 I get this trace redirecting: proto 132 0aff0d9e:1500 -> 00000000:3128, mark: 1 But this never comes when I make the rule iptables -t mangle -A PREROUTING -p sctp -i bond0.110 --*dport 0* -j TPROXY --tproxy-mark 1 --on-port 3127 Can someone please explain this to me.For TCP I am able to successfuly get a socket reference socket match: proto 6 0a8e8ea6:4576 -> 0aff0d9e:22 (orig 0aff0d9e:22) sock * ffff88041d3a54c0* For SCTP my design is as follows -I do the lookup and store the TPROXY port number in skb->cb and redirect the packet -Once the packet reaches the sctp module I redo the lookup with the TPROXY port so I get a valid association/endpoint and the global structures required by the sctp module are filled. I get this error also sporadically Regards, Maria