I posted my test result and responded to the mailing list here IPFire XDP performance for NAT port forwarding - Development - lists.ipfire.org in April, and that is specific to XDP SYN proxy use case, not sure if it relevant to this discussion.
and speaking of security, probably this is not fair comparison without digging into each CVE
search results: netfilter
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=netfilter
search results: xdp
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=xdp