I know that in user-mode applications we can register filters without callouts and provide primitive operations.
But if it is needed re-inject packet and create new packet with additional information I need to use callout drivers (for example, if I develop VPN application).
Is there possible way to catch and modify all network traffic in usermode?
As far as I know, no. As far as I know, Windows doesn’t come with a usermode framework to make arbitrary transformations to arbitrary packet traffic.
You could certainly build such a framework. And it’s quite likely that someone has already made a generic one that you can pull off the shelf. You might want to look into TAP and TUN. (This is not an endorsement from me or my employer.)
Thanks, @Jeffrey_Tippet_[MSFT]