Thank you for finally telling me what you actually wish to solve -- or at least 2 words of it -- instead of the railroaded solution you demand for it. We know you're more interested in doing it your way, you don't have to keep telling us that, but when a "solution" gets to the point of modifying the kernel's source code by hand, that's
usually considered a wakeup call! I don't know how to do it, and not for lack of trying. Kernel programming is its own specialty entirely.
arpon might be worth consideration. It claims to actually fight the problem of ARP spoofing, not just report it.