> For IP packets, you can use IPfilter.

I have a unique application where I need to edit the packet before it
reaches IPFilter (or at least the ipnat inside of ipfilter).  I use IPFilter
to do network address translation from the inside interface to the outside
interface, but I need to edit the packets from some machines on the inside
before IPFilter sees them, and the packets to some machines on the inside
after IPFilter has translated them.

> However: you can tap ARP packets with a BPF expression, and handle them
> completely in a user program, as long as the kernel may still handle its
> own ARP packets. I don't think that this is a limitation: if you have
> a valid IP address on an Ethernet interface, you must handle ARP for it
> anyway.

I can probably use a bpf user program to manage the ARP traffic and let the
kernel deal with it's own ARP packets - the IP stuff is the hard part right
now ;o).

Thanks!  Mike.