Idea to think about: --salt 3b5b91c5a2 XOR client addresses for some more privacy
the salt can be added e.g. when restarting router/iptables or may be generated for
a particular host once. Purpose: hide MAC addresses behind the address mapping
gateway 

Check compat with tcpdump. Linux2.4 needs to copy skb() for that, but it oopses

Update csum, see http://www.faqs.org/rfcs/rfc1624.html for these
protos (see http://www.firstpr.com.au/ip/ivip/checksums/ ):

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP, IPPROTO_AH?, IPPROTO_ICMPV6, IPPROTO_UDPLITE
break NEXTHDR_NONE

Evnt mit ipv6_gso_pull_exthdrs() oder ipv6_find_hdr() oder nf_ct_ipv6_skip_exthdr()
Evnt linux-2.4: mit ipv6_skip_exthdr()

unsigned int ptr = skb_network_offset(skb) + sizeof(struct ipv6hdr);
u_int8_t c = ipv6hdr.nexthdr;
while (c != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) {
  const struct ipv6_opt_hdr *hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
  switch(c) {
    case IPPROTO_FRAGMENT:
      hdrlen = 8;
      break;
    case IPPROTO_DSTOPTS:
    case IPPROTO_ROUTING:
    case IPPROTO_HOPOPTS:
      hdrlen = ipv6_optlen(hp);
      break;
    case IPPROTO_AH:
      hdrlen = (hp->hdrlen+2)<<2;
      break;
    default:
      return;
  }
  c = hp->nexthdr;
  ptr += hdrlen;
}

	csum = ~add16(add16(~htons(csum_orig), ~csum16((u_int16_t *)&old, 3)), csum16((u_int16_t *)&new, 3));
	printf("%04hx normal buf1\n", ntohs(csum));