Compiling with flow offload modules

Hi all!
Compiling OpenWRT version v22.03.3.
I'm trying to disable hardware acceleration on my Omnia Turris unit (Atheros chipset) since I want to see more than 2 packets from each session. Now, I've compiled the FLOWOFFLOAD target into iptables kernel and user spaces. Thus, I manage to insert rules like

-A FORWARD -p tcp -m tcp --dport 443 -m connbytes --connbytes 0:30 --connbytes-mode packets --connbytes-dir both -j FLOWOFFLOAD --hw

But even with this rule, I can see only the first 2 or sometimes 3 packets.
Can you guys point me to any leads on that?


The turris omnia would be mvebu based, not Atheros (only the wireless drivers would be qca9980, but that's immaterial for flow-offloading). Interesting that you've...

...which would imply that you'd have to have written mvebu hard-float drivers first, in which case you wouldn't need our advice...

...nor would iptables be useful for flow-offloading - not that OpenWrt would default to it anymore either.

In other words, if you need advice, you'll have to clarify the situation.

1 Like

So, my goal is to manage hardware acceleration on this unit (like SKIPLOG on Broadcom chipsets) and I know that Atheros chipsets have FLOWOFFLOAD module for that. Now, I have compiled my firmware with the following flags enabled for that:

# Netfilter Extensions

And now I can insert OFFLOAD rules, but it seem to have no effect. So, probably there's another way or something's missing. It might be that I'm looking into the wrong direction and FLOWOFFLOAD is not what I need, and that's what I'm asking here.

While AR8327N/ AR8337N does have (a very limited) 'h/w NAT" offloading engine in hardware - and ipq806x, ipq807x, ipq50xx, ipq60xx quite sophisticated NSS/ NPU cores, neither have mainline- nor OpenWrt support and lay dormant.

Keep this disabled, the iptables personality is not mainline and known broken, stick to nftables (only).

So far the only hardware flow-offload support exists for Mediatek hardware (mt7621 and newer). Support for AR8327N/ AR8337N would be quite imaginable, NSS support 'possible' (but a tremenduous amount of work, making it unlikely); mvebu doesn't have it available either. Unless you are on Mediatek hardware, only software flow-offloading will be available to you.

1 Like

Very useful information! THANKS!
So bottom line I can't disable hardware acceleration at this point?

There is experimental NSS support:

...which is irrelevant for the turris omnia and its mvebu SOC (and QCA9980 wireless).