Signalling is a very crude (and expensive) interface, one which isn't suitable for a high bandwidth interface. Your best bet is to look around say sourceforge for other programs which do what you want (and examine that source code), or ask other people who know more about the details of IP tables.
You're not trying to implement an Intrusion Detection System (IDS) like Snort by any chance are you?
