eBPF extends the BPF with a more modern architecture (e.g. 64 bit support) and being generalized so that it can support things like more fine grained security control in seccomp which limit what commands a userspace app can call.
Xdpcap seems like a logical progression of this path.
Does knowing you are being manipulated this way change your opinion?
I wonder if there could have been a cleaner way with an upstream patch instead.
Maybe if you could add xdp filter at a given priority to make sure it runs first ?