nft add table offload nft add chain offload type filter offload nft add rule offload filter ip saddr 192.168.1.0/24 offload
By offloading nftables rules to hardware, kmod-nft-offload alleviates the CPU burden, allowing it to focus on more critical tasks. This results in improved network performance, characterized by increased throughput and reduced latency.
As OpenWrt has matured, the way offloading is handled has changed. For instance, in newer kernel versions (5.1+), many IPv4 and IPv6 NAT packages were merged to simplify the codebase.
nft add chain inet filter forward type filter hook forward priority filter; policy drop; nft add rule inet filter forward ct state invalid drop nft add rule inet filter forward tcp dport 80, 443 ct state established flow offload @f nft add rule inet filter forward ct state established, related accept nft add rule inet filter forward accept
Driven directly by kmod-nft-offload , software offloading speeds up the software stack itself. Once a connection is identified as "established," the CPU bypasses the heavy code paths of the firewall.
is a kernel module for OpenWrt that provides Netfilter nf_tables routing and NAT offload support. It is a core component for improving network performance by moving packet processing from the CPU to specialized hardware or optimized software paths. Key Features and Dependencies
I can provide specific debugging commands to check if your flows are offloading correctly. Share public link
: Netfilter nf_tables routing and NAT offloading. Core Dependencies : kernel , kmod-nf-flow , and kmod-nft-nat .
Normally, your router's CPU has to inspect every single packet passing through the firewall. This consumes power and limits speed, especially on high-speed gigabit connections. The Magic Trick : Once a connection (like a Netflix stream) is verified, kmod-nft-offload
The module is usually included in standard OpenWrt releases (like 22.03.0 or 23.05.0 ) and can be managed via the opkg package manager. : opkg update && opkg install kmod-nft-offload
For more technical details on package versions and builds, you can explore the official OpenWrt package repository configuration guide for a particular router model to get offloading running? kmod-nft-offload - [OpenWrt Wiki] package
Bypassing the CPU for established streams drops CPU utilization from 100% down to near 0%. This frees up processing power for other critical router tasks, including: Running a WireGuard VPN server Managing local network storage (NAS) Processing complex container apps (Docker) 3. Lower Latency and Jitter
Ensure the kernel module is loaded.