This mechanism identifies long-lived, established network streams (flows). Once a connection is verified and established by the CPU, the routing rule is "pushed" down into the network hardware. Subsequent packets in that specific stream bypass the CPU entirely. The Role of kmod-nft-offload
: If you see a message like Hardware flow offloading unavailable, falling back to software offloading in your logs, it likely means the kmod-nft-offload module is not loaded. The module must be installed first:
Understanding kmod-nft-offload: Accelerating Network Performance in OpenWrt
Every single packet crosses the system bus (PCIe) and consumes CPU cycles. At 10 million packets per second (Mpps), this becomes unsustainable.
You cannot offload ct state established easily because the hardware would need to maintain stateful timers. For true offload, use stateless rules or ensure tc can offload the connection tracking (requires advanced hardware with full conntrack offload, like Mellanox ASAP²). kmod-nft-offload
Note: For the module to work, your router's hardware must support flow offloading. Most modern MediaTek (MT76xx), Qualcomm Atheros, and newer Broadcom chips in OpenWrt-supported devices support this feature. Enabling kmod-nft-offload in OpenWrt Once installed, you must configure the firewall to use it. Open /etc/config/firewall .
If hardware offloading is enabled via kmod-nft-offload , the kernel sends a message to the NIC's firmware. The hardware then creates a shortcut for that specific flow.
What (e.g., MediaTek, x86) you are using? What OpenWrt or Linux kernel version is currently running? Whether you are experiencing dropped packets or CPU spikes ?
Hardware-level processing is consistently faster than software interrupts, leading to a snappier feel for gaming and real-time communication. Technical Architecture & Dependencies kmod-nft-offload doesn't work in isolation. According to the OpenWrt Package Wiki , it relies on several key components: kmod-nf-flow: The Role of kmod-nft-offload : If you see
kmod-nft-offload is a Linux kernel module package—most prominently utilized within the OpenWrt ecosystem—that enables hardware flow offloading for .
Are you looking to for a specific ISP speed, or are you troubleshooting a installation error in OpenWrt? kmod-nft-offload - [OpenWrt Wiki] package
: If you experience lower speeds with it enabled, ensure your kernel version matches the package version, as mismatched packages are a common cause of instability in OpenWrt. If you're trying to optimize your router, let me know: What is your router model internet speed are you paying for? Are you using any VPNs or SQM/QoS [MT7530/MT7621] RX speed progressively gets worse with time
nft add rule netdev filter ingress drop
Once upon a time in the digital kingdom of , there was a quiet but powerful hero named kmod-nft-offload
Bypassing complex firewall rule evaluation layers reduces packet processing jitter, leading to a more responsive gaming and streaming experience.
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.
As a specialized kernel module package, kmod-nft-offload does not operate in isolation. It relies on a tightly integrated stack of sub-modules to work effectively: You cannot offload ct state established easily because