The Linux kernel has some powerful features in it. It seems that one can't always find them directly. Sometimes the problem of identification needs to be tackled obliquely. I have known about the existence of TC (Traffic Control via the IPRoute2 facilities) and eBPF (Berkeley Packet Filter).
A newly formed group, IOVisor (well, maybe a few years old, but with a shiny new mailing list), is building an interesting mix of tools for accessing and utilizing those subsystems for NFV (Network Function Virtualization) scenarios. They have some demo Go and C code on GitHub. From a techy perspective, the most informative page on their web site, although sparse, is their download page, where they have links to the bpf man page and tc-bpf man page.
tc, which is for traffic control in the Linux kernel, has powerful filter and action built-ins for packet processing, and is mostly known for its rate limiting and congestion control capabilities.
bpf is used in a number of subsystems in the kernel. Effectively, it can execute dynamically loaded code at the machine code level, and can therefore be very fast in execution. Some call it a virtual machine environment in the kernel. Human-readable code is compiled with an LLVM or GCC add-on and loaded into the kernel, where its execution paths are validated; it is then converted to machine code instructions and executed. It makes for very fast and efficient packet handling.
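The validate-then-execute sequence described above, as an added example that is not code from this post or from IOVisor: a simplified model of classic BPF, using its instruction layout and opcode values, in which a load-time check rejects programs with unknown opcodes or out-of-bounds jumps before an interpreter runs them against a packet. The names `bpf_validate`, `bpf_run` and `tcp_filter` are hypothetical and the sample filter is constructed; the in-kernel eBPF verifier performs far more checks than this.

```c
#include <stddef.h>
#include <stdint.h>

/* Classic BPF instruction layout and a subset of its opcode values. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Constructed sample filter: return 0xffff for IPv4/TCP frames, else 0. */
const struct insn tcp_filter[] = {
    { LDH_ABS, 0, 0, 12 },      /* A = EtherType */
    { JEQ_K,   0, 3, 0x0800 },  /* IPv4? otherwise skip to drop */
    { LDB_ABS, 0, 0, 23 },      /* A = IP protocol */
    { JEQ_K,   0, 1, 6 },       /* TCP? otherwise skip to drop */
    { RET_K,   0, 0, 0xffff },  /* accept */
    { RET_K,   0, 0, 0 },       /* drop */
};

/* Load-time check: known opcodes only, jump targets in bounds, last insn RET.
 * Offsets are unsigned and relative to pc+1, so every path runs forward. */
int bpf_validate(const struct insn *p, size_t len)
{
    if (len == 0 || p[len - 1].code != RET_K)
        return 0;
    for (size_t pc = 0; pc < len; pc++) {
        uint16_t c = p[pc].code;
        if (c != LDH_ABS && c != LDB_ABS && c != JEQ_K && c != RET_K)
            return 0;
        if (c == JEQ_K && (pc + 1 + p[pc].jt >= len || pc + 1 + p[pc].jf >= len))
            return 0;
    }
    return 1;
}

/* Interpret a validated program; a load past the packet end returns 0. */
uint32_t bpf_run(const struct insn *p, const uint8_t *pkt, size_t n)
{
    uint32_t a = 0;
    for (size_t pc = 0;; pc++) {
        const struct insn *i = &p[pc];
        size_t w = (i->code == LDH_ABS) ? 2 : 1;
        if (i->code == RET_K) return i->k;
        if (i->code == JEQ_K) { pc += (a == i->k) ? i->jt : i->jf; continue; }
        if (n < w || i->k > n - w) return 0;
        a = (w == 2) ? ((uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]) : pkt[i->k];
    }
}
```

Because validation guarantees forward-only, in-bounds control flow ending in a return, the interpreter needs no loop counter or program-bounds check of its own; only packet loads are checked at run time.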
It looks like the IOVisor people are attempting to harness that capability for higher level functionality.