Kmod-nft-offload [exclusive] Jun 2026

Combine hardware offload with TC flower filters. kmod-nft-offload acts as the control plane, while the driver translates nftables rules into hardware flow entries for service chaining.

: While intended to boost performance (sometimes doubling speeds on lower-end CPUs), it can occasionally cause connectivity or performance issues

The kmod-nft-offload module represents the current generation of Linux hardware acceleration. However, the field is moving toward: kmod-nft-offload

But what exactly is kmod-nft-offload ? Why does it exist as a specific "kmod" (kernel module), and how does it change the landscape of Linux packet filtering?

This article provides a comprehensive technical analysis of kmod-nft-offload , covering its architecture, installation, use cases, and performance implications. Combine hardware offload with TC flower filters

Real-world benchmarks with a 25 GbE Mellanox ConnectX-5 show:

Place a simple drop offload rule for known attack IPs or subnets. The NIC hardware discards malicious traffic before it ever interrupts the CPU, preserving resources for legitimate flows. However, the field is moving toward: But what

: It is designed to speed up network traffic by bypassing parts of the standard Linux networking stack for established connections. This reduces CPU overhead and can significantly increase throughput on compatible hardware. Dependencies : This module typically requires kmod-nf-flow kmod-nft-nat to function correctly. Implementation : It is the -based successor to older

Within the context of OpenWrt and kmod-nft-offload , there are two primary modes:

modprobe nft_offload