[Future] What could kernel 4.18 bring?

Just for the sake of discussion, one of the biggest new features in OpenWrt 18.06 with kernel 4.14 is flow offloading. Is there anything exciting that the next big kernel update could bring, given that kernel 4.18 is close to release?


To respond to my own post, eventually they are overhauling the failover. Likely with kernel 5.0/5.1 the following will be implemented: "new BPFILTER-based solution should allow better security, easier maintenance, and potential performance wins via BPF JIT and hardware offloading."


Just some cool stuff for discussion.

Not terribly kernel-dependent, but finally moving to nftables would be quite a welcome change.

Off-topic, but I'm interested in this as well. Do you know if there have been any attempts in that direction? I guess many parts of OpenWrt (at least firewall3) have to be rewritten to make use of nftables instead of iptables.

Yes, compiles and runs fine, but LuCI is still tied to the iptables implementation, so you can't have LuCI and a "pure" nftables install. Someone would have to write "firewall4" and a GUI for it.

With how slowly nftables has sorted out all kinds of basic functionality and usability issues, I'm not holding my breath for yet another forward-looking firewall implementation. Then again, anything that is more readable than iptables would be very welcome. In my opinion, if you can't easily understand the ruleset, you can't verify if it is doing what you expect.