Hardware NAT For LEDE

leeandy · March 28, 2018, 6:06am

Great news, thanks for hard work @nbd

after · April 3, 2018, 5:54pm

@nbd I built an image from your staging branch to my Xiaomi MIR3G and offloading seems to work great, thank you!
I noticed one thing which is a bit bugging me. Offloaded connections don't seem to register in ifconfig's RX/TX bytes on the WAN and LAN interfaces, so Luci's traffic graphs, vnstat and collectd can't measure the amount of traffic.
Is this an expected side-effect of offloading? Can this be fixed somehow?

kyledawg92 · April 6, 2018, 8:33pm

Has flowoffload hit the snapshot build for Archer C7 v2? Also do you just run the command

iptables -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD

in SSH and that's it?

slh · April 6, 2018, 8:36pm

ar71xx is still on kernel 4.9, while you require kernel >= 4.14 (4.16 in mainline) for flowoffload support. (ar71xx will probably remain on kernel 4.9, until ath79 takes over).

leeandy · April 7, 2018, 5:15am

Hi @nbd

On Octeon soc, does flow offload can accel to normal routing (LAN-LAN routing, not NAT routing) ? or just accel to NAT routing ?

nbd · April 7, 2018, 7:17am

Flow offload handles normal routing as well.
By the way, there is no need to manually mess with iptables rules anymore.
Just set option flow_offloading 1 in defaults in /etc/config/firewall
On MT7621 you can additionally set option flow_offloading_hw 1 to enable hardware offloading. This will not work with SQM though.

leeandy · April 7, 2018, 9:27am

Once more question.
If i'm enable flow offload & sqm same time, what things is affected ? ex: sqm performance will decrease, flow-offload perf decrease ? ..etc..

dlakelan · April 7, 2018, 1:02pm

As far as I know, sqm doesn't work AT ALL with flow offload. The packets don't go through the linux qdiscs etc it just sidesteps everything. Someone please correct me if I'm wrong.

nbd · April 8, 2018, 7:29am

Software offload does not bypass linux qdisc. It only bypasses the CPU intensive iptables rule processing.

craz · April 8, 2018, 7:47am

Also with QoS scripts?
Many thanks

juppin · April 27, 2018, 11:57am

SQM and QoS does work with flow offloading but not with hw flow offloading!

hw flow offloading is currently only supported for mt7621.

MartB · May 7, 2018, 12:56pm

A bit late but i just wanted to tell you that its working now in the latest version.

juppin · May 7, 2018, 4:11pm

Shaping with hw offloading?

sycohexor · May 7, 2018, 4:29pm

latest version of what?

MartB · May 7, 2018, 10:31pm

My message was a reply to nbds comment above asking me for a packet dump.
Its not related to SQM at all. (Im blaming discourse for the bad visibility of that fact)

On a sidenote sqm and hw offloading together will not work as long as the sqm stuff is not done by the offloading hardware itself (so probably never.)

And im using the latest version that is available on the master branch of openwrt aka lede.

leonmorlando · May 8, 2018, 6:59pm

Just making sure: is there any kmod package I should be selecting, or is flowoffload baked inside the base code? (or another package I'm not aware of)
I'm trying to replace NSS stack with this as a best option given that I'm not a programmer and can't port the R7800 version of the NSS stack to my device.

juppin · May 8, 2018, 9:36pm

All tagets with >= 4.14 Kernel have offloading included.
You only have to set option flow_offloading 1 in firewall default config section.

phuque99 · May 20, 2018, 1:28am

I'm trying to compile this feature in the the openwrt-18 snapshot. Does it need both of these kernel modules enabled?

kmod-ipt-offload
kmod-nft-offload

Mushoz · May 20, 2018, 7:27am

The ipt module is for iptables, the nft module is for nftables. Use the module for whatever firewall you are using. Lede uses iptables by default.

jlindstrom · May 22, 2018, 2:23am

Is there a way to confirm offloading is running?