Kmod-nft-offload | Work

The King was finally free! With handling the heavy lifting, the King’s workload dropped from 100% down to nearly nothing. The kingdom's roads could now handle Gigabit speeds without breaking a sweat, and the palace stayed cool.

is a silent hero in the OpenWrt ecosystem. It is the bridge between the flexible logic of

nftables recognizes this as a steady connection (e.g., a TCP stream).

When a device on your network requests data from the internet, the packet path follows a specific progression: kmod-nft-offload

Packets are moved directly from the network interface ingress layer to the egress layer inside the kernel space. This bypass lowers the CPU overhead per packet, allowing even lower-end or single-core CPUs to reach near-gigabit routing speeds. 2. Hardware Flow Offloading

: Enables Software Flow Offloading (Flow Offload) in the OpenWrt firewall4 (fw4) system.

When a home router processes incoming data packets, the Linux kernel inspects each packet against firewall rules, routing tables, and NAT tracking mechanisms. This process consumes significant CPU cycles, especially at speeds exceeding 500 Mbps. The King was finally free

The strategist made a simple observation: "Many of these packets are part of the same long conversation. Once the King has approved the first packet of a video stream or a large download, why must he look at every single one that follows?" How the Magic Worked The strategist implemented a plan called :

kmod-nft-nat : Required for offloading Network Address Translation (NAT) operations.

After applying the rules, you can verify that the offload is active by listing the flowtables: is a silent hero in the OpenWrt ecosystem

The kernel module changes this dynamic. It relies on a structural chain of dependencies within the OpenWrt kernel subsystem :

OpenWrt users interact with kmod-nft-offload through two distinct settings available under the network firewall configuration. Feature / Metric Software Flow Offloading Hardware Flow Offloading Linux Kernel Space (CPU optimization) Network Switch / SoC Hardware CPU Utilization Moderately Low (30% - 50% reduction) Near 0% (packets bypass main CPU) Hardware Compatibility Universal (Works on x86, ARM, MIPS) Limited (Requires MediaTek, Marvell, etc.) Feature Support Compatible with most standard rules Incompatible with deep packet modifications Software Flow Offloading

Because the CPU does not have to work as hard during heavy downloads, the router generates less heat and consumes less electricity. Technical Limitations and Trade-offs

As networking demands continue to scale, the role of hardware acceleration becomes more vital. kmod-nft-offload provides a stable, enterprise-ready way to leverage the power of modern NICs, ensuring that your Linux infrastructure remains fast, responsive, and efficient under even the heaviest traffic loads. Kmod-nft-offload Apr 2026