Linux – Advanced dynamic routing with external program

iproute2, iptables, linux, routing, tc

I need to build a system in which I am able to route packets based on a number of parameters, such as port/protocol etc., which are somehow "normal", but also on other aspects, such as queue length and other external factors. My router is composed of 2 internal interfaces (802.11) and two external interfaces (one ADSL, one LTE). So I would like to examine each packet through an external program, and decide on what interface it should be routed.

I took a look at iproute2, but I didn't find any method to pass each packet to an external program, or somehow dynamically choose the route for each packet.

So the question: what is the best way to do this? Are there already tools that go in this direction, or should I rely on something made by myself, and pass the packet through Linux standard tools?

Best Answer

Netfilter (iptables) has a queue module to send frames to a userspace program. Libraries for different languages (C, Python, Perl, etc.) are available to examine packets. After processing a frame you will return an ACCEPT or DROP verdict, the original or modified frame, and an option to set a mark.

My guess is that you can use the mark to handle this packet differently in the rest of the netfilter chain and change a routing mark to choose a specific routing table.

This would be a more elegant solution than very low level device handling but may be a performance issue depending on the choice of your userspace implementation.

I have used this in another project to modify incoming DHCP frames from a broken client but never used the mark.
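The queue-plus-mark approach from the answer, as an added example that is not part of the original post: a userspace NFQUEUE handler decides per packet (from the headers and from an external signal, the ADSL queue backlog read via `tc`) which fwmark to set, and `ip rule` sends each mark to its own routing table. The interface names, mark values, table numbers, port set and backlog threshold are assumptions; the handler needs the python-netfilterqueue package and root.

```python
# Added example, not code from the answer. NFQUEUE handler that sets a fwmark
# per packet so policy routing picks the ADSL or LTE uplink. Names, marks,
# table numbers and the backlog rule are assumptions. Kernel side (as root):
#   iptables -t mangle -A PREROUTING -i wlan0 -j NFQUEUE --queue-num 1
#   ip rule add fwmark 0x1 table 101 && ip route add default dev ppp0 table 101
#   ip rule add fwmark 0x2 table 102 && ip route add default dev wwan0 table 102
import re
import struct
import subprocess

MARK_ADSL, MARK_LTE = 0x1, 0x2
BULK_PORTS = {80, 443}      # assumption: web traffic prefers the ADSL link
BACKLOG_LIMIT = 50          # assumption: above this many queued packets, use LTE
ADSL_DEV = "ppp0"           # assumption: the ADSL PPP interface

def parse_ipv4(payload: bytes):
    """(protocol, dst_port) of a raw IPv4 packet; dst_port is None if no ports."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, proto, dst_port = (payload[0] & 0x0F) * 4, payload[9], None
    if proto in (6, 17) and len(payload) >= ihl + 4:     # TCP or UDP
        dst_port = struct.unpack("!H", payload[ihl + 2:ihl + 4])[0]
    return proto, dst_port

def parse_backlog(tc_output: str) -> int:
    """Packets queued on a device, parsed from 'tc -s qdisc show dev X' output."""
    m = re.search(r"backlog \S+ (\d+)p", tc_output)
    return int(m.group(1)) if m else 0

def read_adsl_backlog() -> int:
    out = subprocess.run(["tc", "-s", "qdisc", "show", "dev", ADSL_DEV],
                         capture_output=True, text=True).stdout
    return parse_backlog(out)

def choose_mark(payload: bytes, adsl_backlog: int) -> int:
    """Per-packet decision: header fields plus an external signal (queue length)."""
    if adsl_backlog > BACKLOG_LIMIT:
        return MARK_LTE                      # ADSL congested: fail over to LTE
    proto, dst_port = parse_ipv4(payload)
    return MARK_ADSL if proto == 6 and dst_port in BULK_PORTS else MARK_LTE

def run(queue_num: int = 1):
    from netfilterqueue import NetfilterQueue   # python-netfilterqueue, needs root
    def verdict(pkt):
        pkt.set_mark(choose_mark(pkt.get_payload(), read_adsl_backlog()))
        pkt.accept()                          # packet continues, routed by its mark
    nfq = NetfilterQueue()
    nfq.bind(queue_num, verdict)
    nfq.run()
```

Calling `tc` for every packet is the performance issue the answer warns about; in practice you would sample the backlog on a timer and cache it.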
