Natflow: Accelerate NAT and Packet Forwarding Like Never Before

natflow works by matching packets against a hash table to quickly determine forwarding information, performing necessary NAT and MAC modifications, and directly sending matched packets to the NIC, while unmatched packets follow the traditional slow path for processing.

Link: https://github.com/ptpt52/natflow/

2 Likes
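The lookup described in the first post, as an added example that is not natflow's code and not part of the original thread: a 5-tuple flow table whose hit path rewrites the source address/port and next-hop MAC, and whose miss path falls back to the slow path. All names, the table size, the simplified hash and the sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 256 /* constructed table size */

struct tuple { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };
struct pkt   { struct tuple t; uint8_t dmac[6]; };
struct flow  { int used; struct tuple key; uint32_t nat_saddr;
               uint16_t nat_sport; uint8_t next_mac[6]; };
static struct flow table[SLOTS];

/* Deliberately simple hash (an assumption) so collisions are easy to build. */
static unsigned slot_of(const struct tuple *t) {
    return (t->saddr ^ t->daddr ^ ((uint32_t)t->sport << 16 | t->dport)
            ^ t->proto) % SLOTS;
}

static int tuple_eq(const struct tuple *a, const struct tuple *b) {
    return a->saddr == b->saddr && a->daddr == b->daddr &&
           a->sport == b->sport && a->dport == b->dport && a->proto == b->proto;
}

/* Called by the slow path once it has decided how the flow is translated. */
void flow_install(const struct tuple *t, uint32_t nat_saddr,
                  uint16_t nat_sport, const uint8_t mac[6]) {
    struct flow *f = &table[slot_of(t)];
    f->used = 1; f->key = *t;
    f->nat_saddr = nat_saddr; f->nat_sport = nat_sport;
    memcpy(f->next_mac, mac, 6);
}

/* Returns 1 if the packet was rewritten for direct transmit, 0 for slow path. */
int fastpath(struct pkt *p) {
    struct flow *f = &table[slot_of(&p->t)];
    /* Compare the full tuple: a bare hash hit would NAT an unrelated flow. */
    if (!f->used || !tuple_eq(&f->key, &p->t))
        return 0;
    p->t.saddr = f->nat_saddr;          /* source NAT */
    p->t.sport = f->nat_sport;
    memcpy(p->dmac, f->next_mac, 6);    /* next-hop MAC */
    return 1;
}

int main(void) {
    struct tuple t = { 0xC0A80164u, 0x08080808u, 40000, 53, 17 }; /* constructed */
    const uint8_t gw[6] = { 0x02, 0, 0, 0, 0, 0x01 };
    struct pkt p; memset(&p, 0, sizeof p); p.t = t;
    int miss = fastpath(&p);            /* no entry yet: slow path */
    flow_install(&t, 0xCB007105u, 61000, gw);
    printf("miss=%d hit=%d\n", miss, fastpath(&p));
    return 0;
}
```

Packets that hit the table are never re-evaluated by the slow path, so in any design of this kind the cached entries have to be invalidated when the firewall or NAT policy changes.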

How is this different to kernel flow offloading?
Are there any advantages or disadvantages between the two?

@ptpt52 this looks great, and certainly promising to increase speeds. Do you have handy speed tests to show us the impact in improvements?
Also, I saw your mentions of specific chipsets. Is something hardware constrained, or can it be adapted to any chipset/driver?
I also saw that this is part of your own fork of OpenWrt that you are maintaining. Are you open to creating a PR to request a merge to the OpenWrt upstream? It would benefit millions of devices out there with OpenWrt.

PS: the code at first glance looks good. It requires a bit of refactoring though, some pointer clean-up, and the complexity would require a few hours from the devs to fully understand the mechanisms you put in place there.

Thanks

natflow is a versatile and high-performance network acceleration solution that provides the following key features:

  1. Fastpath for High-Speed Packet Forwarding:
     • Implements a software-based fast path for rapid packet forwarding.
     • Works on any platform, delivering exceptional forwarding performance.
  2. Hardware NAT (hwnat) Support:
     • For specific platforms like MT7621, MT7622, MT7981, MT7986, and others, natflow provides hardware NAT support, enabling hardware-based acceleration for even higher performance.
     • Requires kernel patches for proper integration.
  3. User Identification and Traffic Auditing:
     • Identifies individual IP users and monitors their traffic and speed.
     • Provides detailed traffic auditing for user-level insights.
  4. Traffic Control (QoS):
     • Enables bandwidth management and traffic shaping for users.
     • Ensures fair usage and optimized network performance.
  5. Internet Access Control:
     • Allows or blocks internet access for specific users based on policies.
  6. URL Auditing (urllogger):
     • Monitors and logs the domains or URLs accessed by users.
     • Offers visibility into user browsing behavior.
  7. Website Access Control:
     • Matches user traffic against defined rules to restrict access to specific websites.

natflow combines software fast path, hardware acceleration (on supported platforms), and advanced user management and auditing features, making it ideal for performance-critical and policy-driven network environments.

While natflow offers many advanced features, integrating it into OpenWrt is not straightforward. The following challenges exist:

  1. Requires significant processing and adaptation work to align with OpenWrt's architecture.
  2. Some modifications and the required kernel patches may not be easily accepted by the OpenWrt community or upstream maintainers.

Then what is the purpose of this thread?

Things like this are pretty much a case of "get it mainline or get lost" (not meant as an ad hominem). No disrespect, on the contrary, but things like these will need constant attention to fix for new kernels and to deal with security issues, something OpenWrt is not well suited to take care of. This means both the collaborative fixing/adapting by mainline developers (who will have to fix it, if they break it) and the mainline review for security issues are essential.

We've seen with Atheros "hardware NAT" and QCA's NSS subsystems how (badly) the story goes, if the developers start early with approaching mainline developers and getting it merged - in contrast to (hardware-) flow-offloading which made that leap.

1 Like