Coding Divert Sockets/What Are They?

A divert socket is a special socket bound to a divert port, to which IPFW or another filter sends matching link-level incoming/outgoing packets for processing in a user-space process. Divert sockets also let you send packets in a fashion similar to raw IP sockets: packets written to the socket enter or re-enter IP packet processing.

Divert sockets are particularly useful when, for example, an application acts as a router, using a divert rule linked to a divert socket to receive re-routed packets and re-inject them into the network stack, or when a packet capture application uses a tee rule linked to a divert socket to capture data at interrupt-time resolution. In both cases there is no need to deal with the link-level (Ethernet, 802.11, etc.) headers.

Since divert sockets stop packets from continuing up the network stack, data can be modified before it reaches its destination without the destination host knowing that the packet was modified.

Think of it as a libpcap that allows you to stop packets before they get to their destination and send raw packets, only without the bloat of libpcap.
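The receive, modify, re-inject cycle described above, as an added example that is not part of the original page: a user-space process reads diverted packets, enforces a minimum TTL (a common packet-normalisation step), repairs the IP header checksum and writes the packet back. It assumes FreeBSD's divert(4) interface (`socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT)`), an ipfw divert rule pointing at the chosen port, and root privileges; `normalize_ttl`, `divert_loop` and the minimum TTL of 64 are names and values chosen for illustration.

```c
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* RFC 1071 checksum over an IPv4 header whose checksum field is zeroed. */
static uint16_t ip_header_checksum(const uint8_t *hdr, size_t hlen) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)hdr[i] << 8 | hdr[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Raise the TTL to at least min_ttl and repair the header checksum.
 * Returns 1 if modified, 0 if left alone, -1 if not a sane IPv4 header. */
int normalize_ttl(uint8_t *pkt, size_t len, uint8_t min_ttl) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return -1;
    if (pkt[8] >= min_ttl) return 0;
    pkt[8] = min_ttl;            /* byte 8 = TTL */
    pkt[10] = pkt[11] = 0;       /* bytes 10-11 = header checksum */
    uint16_t c = ip_header_checksum(pkt, hlen);
    pkt[10] = (uint8_t)(c >> 8);
    pkt[11] = (uint8_t)(c & 0xff);
    return 1;
}

#ifdef IPPROTO_DIVERT  /* only on systems with divert(4), e.g. FreeBSD */
int divert_loop(uint16_t port) {
    uint8_t buf[65535];
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { close(fd); return -1; }
    for (;;) {
        socklen_t sl = sizeof sin;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&sin, &sl);
        if (n < 0) break;
        normalize_ttl(buf, (size_t)n, 64);  /* non-IPv4 input passes through unchanged */
        /* Same sockaddr back: keeps direction, resumes after the matching rule. */
        if (sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&sin, sl) < 0) break;
    }
    close(fd);
    return -1;
}
#endif
```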