Question

How can I edit outgoing IP packets on the fly?

I believe NetfilterQueue would allow me to do this on Linux, so I am looking for macOS alternatives.

Overall, I want to be able to capture a packet sent from my machine to a specific IP address, edit some information in the IP header and send the packet on its way.

Edit

I have just skimmed through the iptables man page and realized that the mangle table would work perfectly for my use case. As I understand, macOS's alternative to iptables is some variant of OpenBSD PF. I can't seem to find anything about altering packets in the PF documentation. Is it possible to set some rules for altering packets using macOS PF?


Solution

You can do one of two things:

(a) Configure macOS's native packet filter, PF, to forward packets to a "divert socket" (akin to a Unix socket on Linux; see divert(4)). An application running in userspace can then listen on this divert socket and inspect packets, followed by dropping them or handing them back to the kernel (with or without modification) for sendoff. See this blog post for an example config, and pfctl(8), pf.conf(5), and the PF User's Guide for comprehensive info on PF's capabilities and how to configure it.

(b) Deploy a kernel extension which uses the native IP filter interface, IPF (akin to Linux's Netfilter), to inspect, modify, and drop packets. See Jonathan Levin's Mac OS X and iOS Internals for details; the 1st edition describes this interface in §17.7.4 IP Filters (page 698).

I don't know of any general-purpose daemons that work on principle (a) or kexts that use principle (b) that allow you to write config files that specify rules for modifying and dropping packets in transit, so it seems like you'd need to write your own daemon or kext for your specific use case.
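As an added illustration of approach (a), not code from the answer above: a minimal userspace consumer that binds a divert socket, rewrites one IP header field (here the TTL, normalized to 64) and hands each packet back to PF. The interface `en0`, divert port 700, the destination 203.0.113.5 and the pf.conf rule in the comment are assumptions; the checksum and TTL-rewrite functions are portable, while the socket loop only compiles where the platform headers define `IPPROTO_DIVERT`.

```c
// Added example, not code from the answer: a minimal userspace consumer for approach (a).
// Assumes a pf.conf rule like (interface, port and destination are placeholders):
//   pass out on en0 inet from any to 203.0.113.5 divert-to 127.0.0.1 port 700
#include <stdint.h>
#include <stdio.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* RFC 1071 one's-complement checksum; returns 0 when run over a header whose checksum is valid. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(hdr[i] << 8) | hdr[i + 1];
    if (len & 1) sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite the TTL in place and repair the header checksum. Returns the header length,
 * or 0 when the buffer is not a plausible IPv4 header (caller should then leave it alone). */
size_t set_ttl(uint8_t *pkt, size_t len, uint8_t ttl) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return 0;
    pkt[8] = ttl;
    pkt[10] = pkt[11] = 0;                 /* checksum field is zero while summing */
    uint16_t sum = ip_checksum(pkt, hlen);
    pkt[10] = (uint8_t)(sum >> 8); pkt[11] = (uint8_t)sum;
    return hlen;
}

int main(void) {
#ifdef IPPROTO_DIVERT  /* defined by macOS/BSD headers only; Linux has no divert sockets */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
    struct sockaddr_in sin = { .sin_len = sizeof sin, .sin_family = AF_INET, .sin_port = htons(700) };
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("divert"); return 1; }
    uint8_t buf[65535];
    for (;;) {
        struct sockaddr_in from; socklen_t flen = sizeof from;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen);
        if (n <= 0) break;
        /* Re-inject via the address PF handed us; a packet that is not sent back is dropped. */
        if (set_ttl(buf, (size_t)n, 64))
            sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&from, flen);
    }
    close(fd);
#else
    puts("no divert sockets on this platform");
#endif
    return 0;
}
```

The program must run as root for the raw socket, and the PF rule must be loaded with pfctl before any packet reaches it.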

Licensed under: CC-BY-SA with attribution
Not affiliated with apple.stackexchange