Kmod-nft-offload May 2026

While standard nftables rules are processed by the system's CPU, kmod-nft-offload allows the kernel to "offload" established network flows directly to compatible Network Interface Cards (NICs). This means once a connection is verified and established, the hardware takes over the heavy lifting, bypassing the CPU for subsequent packets in that stream. How Flow Offloading Works

Processing packets in specialized silicon is generally more power-efficient than using general-purpose CPU cycles. Prerequisites and Compatibility kmod-nft-offload

If hardware offloading is enabled via kmod-nft-offload , the kernel sends a message to the NIC's firmware. The hardware then creates a shortcut for that specific flow. While standard nftables rules are processed by the