Many modern routers feature MediaTek, Atheros, or Marvell chips. These chips include dedicated hardware routing blocks. Enabling this module allows budget devices to achieve line-rate Gigabit NAT routing. 2. Drastic CPU Reduction
Some nftables rules cannot be offloaded. Complex rules involving queuing or certain Mangle table operations might force traffic to return to the slow software path.
As the kingdom grew and more people used high-speed fiber-optic roads, the King became exhausted. He spent all his time looking at packets, leaving him no energy to run other important programs like VPNs or file servers. The kingdom's internet speed began to slow down, and the King’s palace (the router) started to get very hot. Enter the Strategist: kmod-nft-offload kmod-nft-offload
opkg update opkg install kmod-nft-offload
: While it supports generic software offloading (which reduces CPU load), its primary value lies in hardware flow offloading , where the networking hardware itself handles packet forwarding for established connections at near-line speeds. Performance Impact and Use Cases Many modern routers feature MediaTek, Atheros, or Marvell
| Supported | Not Supported | |-----------|----------------| | IPv4/IPv6 forwarding | Dynamic NAT (SNAT/DNAT with port mapping) | | Simple VLAN tagging | Bridge port isolation | | Basic conntrack (established/related) | Rules with log , queue , limit | | Matching on input/output interfaces | Stateful expressions (e.g., ct state new in same flow) |
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. kmod-nft-offload - [OpenWrt Wiki] package As the kingdom grew and more people used
Check (and Hardware flow offloading if your device supports it). kmod-nft-offload - [OpenWrt Wiki] package
: By offloading flow processing, the main system CPU is freed up for other tasks like VPN encryption, storage management, or running applications. Common Implementation Issues
The kmod-nft-offload kernel module provides the necessary infrastructure to offload nftables rulesets to compatible network hardware (e.g., SmartNICs, switch ASICs). This report details its architecture, dependencies, performance implications, and deployment considerations. Enabling this module significantly reduces CPU load for high-bandwidth packet forwarding by moving flow processing from the Linux network stack to hardware.
: Users have reported significant performance differences; for instance, turning offload on can increase connection speeds from 300 Mbps to over 700 Mbps on supported hardware.