Dev:Pf

pf, PF, or PacketFilter, is a very thoroughly documented, very mature packet filter. The Wikipedia page below is a great place to start, and there's no point in copy-pasting existing text here.

https://en.wikipedia.org/wiki/PF_(firewall)#:~:text=PF%20(Packet%20Filter%2C%20also%20written,to%20many%20other%20operating%20systems.

pf is available on all darwin variants and is used across the system for tasks requiring packet manipulation, redirection, etc.

Purpose
Examples of usage in iOS include Airdrop, Tethering, and the system VPN.

pfctl
The command-line utility 'pfctl' is also included with iOS, located in /sbin/.

PacketFilter.framework
The closest thing pf provides to a public API is PacketFilter.framework. PacketFilter.framework is written in C, not Obj-C, and has no public Headers. However, opening it in your disassembler of choice will make it very easy to understand.

Jonathan Levin's *OS Internals, Volume 1 Chapter 16 contains the best research to date on any of these components:

http://newosxbook.com/bonus/vol1ch16.html

Although much research still needs to be done, the contents of this chapter are invaluable for anyone interested in low level, non-destructive packet filtering.