Closed
Description
https://datatracker.ietf.org/doc/html/rfc4787#section-6
By default, our created external mapping port is only accessible by the BPF program.
Hairpinning requires access to the external mapping port from the internal network, so the internal packets must be routed to the BPF program in order to be SNATed and rev-SNATed to another internal host.
However, this is not possible with the default routing rule, as Linux would create a local routing entry that forwards packets destined for the external mapping port to the local host instead of to the network interface and the BPF program on the TC egress hook.
So an additional routing rule would be needed to route those packets to our egress BPF program and route the processed packets back from ingress to the respective internal host.
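The routing behaviour described in this issue, as an added example that is not the project's code: a simplified model of Linux policy-routing lookup showing why the default rules deliver a hairpin packet locally and how a narrowly scoped rule ahead of the `local` table sends only mapped-port traffic toward the egress interface. The addresses, interface names, port range, rule priorities and the `hairpin` table are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

EXTERNAL_IP = "203.0.113.10"    # constructed: NAT external address on "wan0"
INTERNAL_HOST = "192.168.1.20"  # constructed: internal host behind "lan0"

@dataclass
class Rule:                     # simplified `ip rule` entry
    pref: int
    table: str
    iif: Optional[str] = None
    to: Optional[str] = None
    dport: Optional[range] = None

    def matches(self, pkt):
        return ((self.iif is None or pkt["iif"] == self.iif)
                and (self.to is None or pkt["dst"] == self.to)
                and (self.dport is None or pkt["dport"] in self.dport))

TABLES = {  # (prefix, route type, output device)
    "local": [(EXTERNAL_IP + "/32", "local", "wan0")],
    "main": [("192.168.1.0/24", "unicast", "lan0"), ("0.0.0.0/0", "unicast", "wan0")],
    "hairpin": [("0.0.0.0/0", "unicast", "wan0")],  # hypothetical extra table
}
DEFAULT_RULES = [Rule(0, "local"), Rule(32766, "main")]
# Assumed layout: "local" moved from pref 0 to 200 so a narrower rule can run first.
HAIRPIN_RULES = [Rule(100, "hairpin", iif="lan0", to=EXTERNAL_IP, dport=range(20000, 65536)),
                 Rule(200, "local"), Rule(32766, "main")]

def lookup(rules, pkt):
    """Walk rules by ascending pref; the first table holding a matching route wins."""
    dst = ipaddress.ip_address(pkt["dst"])
    for rule in sorted(rules, key=lambda r: r.pref):
        if not rule.matches(pkt):
            continue
        hits = [r for r in TABLES[rule.table] if dst in ipaddress.ip_network(r[0])]
        if hits:  # longest prefix match inside the selected table
            _, kind, dev = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return kind, dev
    return "unreachable", None

# Constructed packets: an internal host hitting the external mapping port,
# a non-mapped port on the same address, and the packet after translation
# (modelled here as re-entering on wan0 ingress, which is an assumption).
to_mapping = {"iif": "lan0", "dst": EXTERNAL_IP, "dport": 40000}
to_router = {"iif": "lan0", "dst": EXTERNAL_IP, "dport": 22}
after_nat = {"iif": "wan0", "dst": INTERNAL_HOST, "dport": 8080}
```

Scoping the extra rule by input interface, destination address and port range keeps services bound on the router itself (the port 22 packet here) on the normal local-delivery path.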