Each Netfilter module needs to operate at two layers, the kernel space and user space.  The user space supports the arguments for the "iptables" binary needed for that specific module.  For example the user space code supports the "--funccode", "--unitid" "--len" etc.  It parses the arguments, passes them to the kernel space module and it registers itself with the kernel space module.  The kernel space module is the one which actually parses the packets hitting it and checks its contents against the user supplied values.  As with any other Netfilter module, the compilation for this module should be done at both kernel and userspace as explained below.  The kernel space patch goes into the Linux kernel code, into net/ipv4/netfilter/ directory, adds a new kernel module(ipt_modbus.o) upon compilation.  The user space patch patches the iptables source code and adds a new shared library( upon compilation.  The kernel module should be loaded into the kernel and the shared library should be placed inside the directory where all other shared libraries for iptables exist(usually /lib/iptables) so that  iptables will go find it when a "-m modbus" argument is specified.

Kernel space

User space