alt Hacker NewsgVisor also has a complete userspace networking stack that you can pull in, which makes it a lot easier to do some neat things like run an HTTP server responding to packets intercepted via eBPF and sent to an AF_XDP socket, which would otherwise be a pain.
There's a separately-maintained fork of this (originally by the Tailscale folks) at https://pkg.go.dev/inet.af/netstack.