Objections nr 2 and 3 are not very good objections at all. IANAKH (I am not a kernel hacker) but: A more intelligent patch would just fall back on the Linux stack, if it recognizes that netfilter or something else is being used. Similarly, if a TOE card is found to be vulnerable, a security update would just remove that card from the list of TOE cards.
Objection nr 4 is the important one. Adding more code to the kernel without any performance benefit would obviously be silly. If the authors of the patch have done their homework, they will have benchmarks to start the discussion with.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds