[$] The BPF-programmable network device

Containers and virtual machines on Linux communicate with the world viavirtual network devices. This arrangement makes the full power of theLinux networking stack available, but it imposes the full overhead of thatstack as well. Often, the routing of this networking traffic can behandled with relatively simple logic; the BPF-programmable network device,which was merged for the 6.7 kernel release, makes it possible to avoidexpensive network processing, in at least some cases.