Kmod-nft-offload -

chain forward type filter hook forward priority filter ct state established flow add @fb

# Load the offload module (usually auto-loaded) modprobe kmod-nft-offload

If your SoC vendor (e.g., certain older Broadcom or Realtek chips) has not open-sourced or implemented hardware flow offload capabilities in their Linux drivers, kmod-nft-offload will silently fall back to software processing. Conclusion

When active, packets skip both the firewall rules and the router's main CPU entirely. The silicon network switch handles the traffic internally at wire speed, lowering CPU usage for that traffic to nearly zero percent. Performance Impact: The Data Breakdowns kmod-nft-offload

kmod-nft-offload is a critical tool for any OpenWrt user looking to maximize the efficiency of their home network, particularly on high-speed internet connections. By leveraging the power of nftables to offload packet processing, it provides a "Fast Path" that keeps CPU usage low and throughput high.

Benefits:

Key components:

If you are running a modern Linux router (such as OpenWrt) or a high-performance firewall, you may have encountered the package kmod-nft-offload . While standard firewall rules process packets using the CPU, this module enables the kernel to offload those rules directly to the network hardware (Network Interface Card or Switch).

nft add rule netdev filter ingress ip protocol tcp tcp dport 22 accept offload

The subsystem in the Linux kernel responsible for packet filtering, NAT, and port translation. chain forward type filter hook forward priority filter

Before you can harness the power of hardware offloading, your system must meet several prerequisites:

Note: Enabling software or hardware offloading can conflict with specific advanced traffic shaping or monitoring tools like SQM (Smart Queue Management) or standard nlbwmon bandwidth monitors because those tools rely on inspecting every packet—an operation bypassed by the offload cache. How to Verify and Install kmod-nft-offload

To guarantee that your traffic is utilizing the accelerated paths, use SSH to run the following query while running a high-speed download test: grep -i OFFLOAD /proc/net/nf_conntrack Use code with caution. While standard firewall rules process packets using the

This module is a core dependency for modern OpenWrt firewall configurations ( 📦 Installation In the OpenWrt terminal, you can install it using the opkg package manager opkg update opkg install kmod-nft-offload Use code with caution. Copied to clipboard ✅ Enabling Offloading

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Kmod-nft-offload -

Latest Posts