Kmod-nft-offload -

In the world of high-speed networking, especially with gigabit fiber-to-the-home (FTTH), the bottleneck is rarely the internet connection itself—it is often the router trying to process all that traffic. When running modern firewall systems like (used by default in modern OpenWrt), the CPU can become overwhelmed, leading to high latency and lower throughput.

Demystifying kmod-nft-offload: Maximizing Router Performance in OpenWrt

What (e.g., MediaTek, x86) you are using? What OpenWrt or Linux kernel version is currently running? Whether you are experiencing dropped packets or CPU spikes ?

kmod-nft-offload is an OpenWrt kernel module ( kmod ) that enables Netfilter ( nftables ) to offload routing and Network Address Translation (NAT) operations to the hardware.

When a connection (like a video stream or a large download) is established, most packets in that stream are predictable. Rather than checking every single packet against every firewall rule, the module "offloads" these established flows to a specialized flow table. kmod-nft-offload

Modern network drivers for chipsets from vendors like have incorporated specific support for this flow offload API. For instance, MediaTek's Packet Processing Engine (PPE) is designed to handle hardware flow offloading for nftables, and their OpenWrt SDK includes patches to make this functionality accessible.

: Typically enabled through the firewall configuration file at /etc/config/firewall by setting option flow_offloading '1' . kmod-nft-offload - [OpenWrt Wiki] package

If you are using SQM (Smart Queue Management) or other Quality of Service mechanisms, hardware offloading might conflict or be bypassed. Hardware offloading moves packets before they reach the software queuing disciplines where QoS resides.

If you have a modern router running OpenWrt 22.03 or 23.05, ensuring this module is enabled is one of the best ways to upgrade your networking performance. In the world of high-speed networking, especially with

Primarily used in embedded devices, such as those running OpenWrt, to boost routing performance, particularly in scenarios where the CPU is the limiting factor. How It Works: Hardware vs. Software Offload

Before deploying kmod-nft-offload in your environment, it's crucial to verify that your system meets the necessary requirements.

Reduced from ~150µs to ~8µs (P50) due to hardware lookup.

: In supported setups, it can significantly increase throughput (e.g., jumping from ~260Mbps to ~680Mbps in certain speed tests ) by bypassing intensive CPU-bound processing for established connections. Usage and Troubleshooting What OpenWrt or Linux kernel version is currently running

Flow offloading generally falls into two distinct categories within modern OpenWrt setups: Software Flow Offloading

What or CPU architecture are you currently using? What version of OpenWrt or Linux distribution is installed?

: Works universally across virtually all network interfaces and CPU architectures (MIPS, ARM, x86).