Kmod-nft-offload -

kmod-nft-offload is a crucial kernel module for anyone looking to maximize the performance of their OpenWrt router by leveraging Flow Offloading.

. In recent OpenWrt versions (like 24.10), some related modules like kmod-nft-queue kmod-nft-offload

What happens here?

If you’ve ever used nftables, you know it’s powerful and flexible. But software filtering still consumes CPU. What if your network card could do the heavy lifting? Enter hardware offloading — and the kernel module that makes it work. kmod-nft-offload is a crucial kernel module for anyone

Troubleshooting & Limitations

• Complex Rules: Not all firewall rules can be offloaded. Hardware usually has limited memory for rules. Complex matching (like deep packet inspection) generally cannot be offloaded and will fall back to software processing.
• Driver Support: Just because you have the kmod does not mean your hardware supports it. You can check your hardware capabilities using ethtool:

  ethtool -k eth0 | grep offload
  

  Look for hw-offload: on or similar flags.
• Connection Tracking: Offloading relies heavily on the kernel's Connection Tracking System (conntrack). If conntrack is full or disabled, offloading will fail.