libnet would be useful for this but would mean the helper program can't drop root privileges
Can enable packet forwarding via sysctl: sysctl -w net.inet.ip.forwarding=1 (needs root)
Will need to be managed at app level not document level (as it is a global option)
Will need to either launch a separate helper program, or accept that the current helper won't be able to drop privileges. This is because of the forwarding sysctl; for writing packet data, the bpf file descriptor can just be opened rw before privileges are dropped.
Separate helper means the user gets asked for a password again
Not dropping privileges is less secure
Code that turns on IP forwarding can't drop privileges because it will need to turn it off again when exiting
So given the above it might be best to have the helper tool fork another process which handles injecting ARP packets and turning IP forwarding on and off. Then the main helper can still drop privileges. That is, follow the basic principle of minimising the amount of code that runs with elevated privileges.
The main helper can then receive commands from the GUI which it passes on to the arp-helper.
There will need to be commands like:
Turn IP forwarding on/off
AppController will need to decide this, by maintaining a list or count of which interfaces are spoofing. This is because if you have two captures on the same interface you don't want one of them to turn off forwarding when it quits if the other is still running.
Set the list of addresses to spoof (so an empty list means stop spoofing)
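A sketch of the fork-then-drop split described above, as an added example rather than the project's own code: the child keeps root and accepts only an allow-list of one-byte commands, the parent drops privileges, and the child switches forwarding off when the command channel closes. The function names and command values are hypothetical, and set_forwarding is a stand-in that records the value instead of calling the sysctl, so the logic runs without root.

```c
#include <errno.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example: hypothetical names, assumed one-byte command values. */
enum { CMD_FWD_ON = 1, CMD_FWD_OFF = 2 };

/* Stand-in for the one root-only operation; the real child would wrap
 * sysctlbyname("net.inet.ip.forwarding", ...). It only records the value. */
static int forwarding_enabled;
static int set_forwarding(int on) { forwarding_enabled = on; return 0; }

/* Apply one command; anything off the allow-list is rejected with -1. */
int arp_child_handle(uint8_t cmd)
{
    switch (cmd) {
    case CMD_FWD_ON:  return set_forwarding(1);
    case CMD_FWD_OFF: return set_forwarding(0);
    default:          return -1;
    }
}

/* Serve commands until EOF. EOF means the helper exited or crashed, so
 * forwarding is switched off before returning the rejected-command count. */
int arp_child_loop(int fd)
{
    uint8_t cmd;
    int rejected = 0;
    for (;;) {
        ssize_t n = read(fd, &cmd, 1);
        if (n < 0 && errno == EINTR) continue;
        if (n != 1) break;
        if (arp_child_handle(cmd) != 0) rejected++;
    }
    set_forwarding(0);
    return rejected;
}

int main(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) { close(sv[0]); arp_child_loop(sv[1]); _exit(0); } /* keeps root */
    close(sv[1]);
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return 1;    /* parent drops root */
    return write(sv[0], &(uint8_t){ CMD_FWD_ON }, 1) == 1 ? 0 : 1;   /* exit closes sv[0] */
}
```

Because the child only ever interprets these command bytes, a compromise of the unprivileged helper can toggle forwarding but cannot reach any other code running as root.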