I want to say this is related to the hardware buffers being closer to the chip so this protection can actually prevent packets from going into the firewall processing phase where the vm is one big virtual container where you can't take action before a packet is already "inside"
I want to say this is related to the hardware buffers being closer to the chip so this protection can actually prevent packets from going into the firewall processing phase where the vm is one big virtual container where you can't take action before a packet is already "inside"