[ Incoming Packet ]
        │
        ▼
[ nftables Firewall ] ───( First packet evaluated against rules )
        │
        ▼
[ Flow Table Creation ] ──( Stream identified and logged )
        │
        ▼
[ kmod-nft-offload ]
        │
        ├──► Software Offload (Bypasses Netfilter stack, handled by fast kernel code)
        │
        └──► Hardware Offload (Bypasses CPU entirely, handled by Switch/SoC ASIC)
In strict terms, kmod-nft-offload is not a standalone piece of software you install via yum or apt-get. Instead, it is a collective term used within distributions like Fedora, CentOS, RHEL, and Arch Linux to represent the kernel module supporting the mechanism for nftables.
On a standard OpenWrt installation, the kmod-nft-offload module can be installed via the command line:
Despite its benefits, users often encounter technical challenges when deploying kmod-nft-offload:
Hardware offloading pushes the routing data directly into the Network Processing Unit (NPU) or Application-Specific Integrated Circuit (ASIC) of the router's SoC (System on a Chip).
Near-zero CPU utilization during massive data transfers; can easily push gigabit line rates on cheap, energy-efficient hardware.
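Because offloaded flows skip rule evaluation after the first packet, it helps to confirm which path a router is actually using. The script below is an added example, not code from the original page: it reads `nft list ruleset` text and reports whether flows take no offload, the software path, or the hardware path described above. The sample rulesets, the table name and the interface names are constructed for illustration.

```shell
#!/bin/sh
# Classify flow offloading from `nft list ruleset` text on stdin.
# Prints one of: none | software | hardware
classify_offload() {
    awk '
        # Start of a flowtable block: remember its name.
        /^[ \t]*flowtable[ \t]+[^ \t]+[ \t]*\{/ { in_ft = 1; name = $2; defined[name] = 1; next }
        # "flags offload" inside the block requests hardware offload.
        in_ft && /flags[ \t]+offload/ { hw[name] = 1 }
        # A line holding only "}" closes the block (the devices set closes inline).
        in_ft && /^[ \t]*\}[ \t]*$/ { in_ft = 0 }
        # A flowtable only takes effect when a rule sends flows to it.
        match($0, /flow (add|offload) @[A-Za-z0-9_]+/) {
            ref = substr($0, RSTART, RLENGTH); sub(/.*@/, "", ref); used[ref] = 1
        }
        END {
            mode = "none"
            for (n in used) if (n in defined) {
                if (n in hw) { mode = "hardware"; break }
                mode = "software"
            }
            print mode
        }'
}

# Constructed sample: flowtable with hardware offload requested.
sample_hw() {
    cat <<'EOF'
table inet fw4 {
    flowtable ft {
        hook ingress priority filter
        devices = { eth0, br-lan }
        flags offload
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        meta l4proto { tcp, udp } flow add @ft
    }
}
EOF
}
# Constructed sample: same flowtable without the offload flag (software path).
sample_sw() { sample_hw | grep -v 'flags offload'; }
# Constructed sample: flowtable defined, but no rule feeds flows into it.
sample_unused() { sample_hw | grep -v 'flow add'; }

for s in sample_hw sample_sw sample_unused; do
    printf '%s: %s\n' "$s" "$($s | classify_offload)"
done
```

On a live router the same function can be fed real output with `nft list ruleset | classify_offload`.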