If you tell me your router model and your internet speed (Mbps/Gbps) , I can tell you if kmod-nft-offload is likely to help your setup. I can also: Help you verify if your hardware drivers support it. Compare it to kmod-natflow for your specific device. Share public link
# Load the offload module (usually auto-loaded) modprobe kmod-nft-offload
[ Incoming Packet ] │ ▼ [ Is flow established? ] ├── NO ──> [ CPU processes packet via firewall rules ] ──> [ Establish Flow ] │ │ └── YES ──> [ Bypass standard CPU path via kmod-nft-offload ] ──────┘ │ ▼ [ Fast-forwarded to Destination ] 1. Software Flow Offloading kmod-nft-offload
Flow offloading operates on a simple premise: only the first few packets of a communication stream need deep inspection.
Once installed, the offload functionality is typically managed through the firewall4 (fw4) configuration. In most cases, you can enable hardware offload by setting the option flow_offloading '1' and option flow_offloading_hw '1' in the /etc/config/firewall configuration file. The firewall4 scripts will then attempt to create the necessary hardware-offloaded flowtable automatically. If you tell me your router model and
: Traffic shaping tools like SQM (Smart Queue Management) rely on inspecting every packet. Offloading bypasses the CPU, rendering QoS ineffective.
For more technical details on package versions and builds, you can explore the official OpenWrt package repository configuration guide for a particular router model to get offloading running? kmod-nft-offload - [OpenWrt Wiki] package Share public link # Load the offload module
Routers can reach closer to wire-speed (e.g., 900+ Mbps on modern hardware).
At high speeds (>1 Gbps), this process consumes massive amounts of CPU cycles, bottlenecking the network throughput. The Solution: Hardware Offload with kmod-nft-offload