From: Lorenzo Colitti <lore...@google.com>
Date: Wed, 2 Nov 2016 00:25:15 +0900

> That way, if you want to modify the packet or do something
> sophisticated in netfilter, you can still use the eBPF hook on the
> results of that operation, and if you don't want to run netfilter, you
> can write netfilter rules to skip the packet (and maybe still fix it
> up later, perhaps in another netfilter chain).

The downside is that we classify the packet twice. This transactional cost adds up rather quickly.