The OpenWrt kernel module kmod-nft-offload provides Netfilter
A device requests a webpage. The first few packets hit the router and are processed in software by nftables via the CPU.
Network Address Translation (NAT) and routing can bottleneck high-speed internet connections. Hardware flow offloading solves this issue by bypassing the main CPU. In modern Linux distributions and OpenWrt, the kmod-nft-offload kernel module is the key to unlocking this performance. What is kmod-nft-offload? kmod-nft-offload
If you experience random reboots or dropped connections under high load, your device driver might have a buggy implementation of the offload API. Disabling "Hardware flow offloading" in the firewall settings will instantly revert the system to stable software routing.
kmod-nft-offload is an essential component for optimizing modern Linux-based network appliances. By cleanly bridging nftables expressions to dedicated hardware switching engines, it unlocks maximum network speeds without requiring expensive, power-hungry processors. It represents the perfect compromise for edge routers trying to balance deep security packet filtering with high-bandwidth demands. If you are troubleshooting a deployment, let me know: Hardware flow offloading solves this issue by bypassing
If your router features a compatible System-on-Chip (SoC) with a Network Acceleration Engine (found in many MediaTek, Marvell, or Qualcomm chips), this module pushes the routing table directly to the hardware switch chip. Packets are routed at the hardware level, dropping CPU usage for routing down to nearly zero percent. Key Benefits of Enabling kmod-nft-offload
From that day on, whenever a citizen of OpenWrt wanted to reach maximum speed on their router, they made sure to invite the hero to their system. wget / SSL issues when updating packages #17385 - GitHub If you experience random reboots or dropped connections
On budget routers or multi-purpose home servers running OpenWrt, the CPU often handles tasks beyond routing, such as running a VPN, managing storage (NAS), or hosting ad-blocking scripts. Offloading routing frees up nearly all CPU cycles, preventing bottlenecks. 2. Wire-Speed Throughput
support for routing and NAT offloading. It is a critical component for users looking to maximize network throughput by moving packet processing from the general CPU to specialized hardware or optimized software paths. What is kmod-nft-offload?
: Reduces CPU utilization to near zero during heavy transfers. How It Works First Packet : A new network flow arrives at the router.
: Define a flowtable in your nftables configuration with the offload; keyword, as documented in the Linux Kernel networking guides. Common Use Cases