I have read that the flow offloading feature has been available in upstream kernels since 4.16 and has been backported to OpenWrt since 4.14. The Linux documentation mentions that flow offloading depends on these two kernel modules:
nf_flow_table
nft_flow_offload
If I install a regular Linux distro (Debian, Ubuntu etc.) on a device such as RPI, does it mean that I can enable flow offloading by just loading these two kernel modules? Do I need to add some configurations in order for flow offloading to work?
OpenWrt makes flow offloading very simple by just enabling the "Software Offloading" setting. I'm trying to understand how such capability can be done in a regular Linux distro.
No, the firewall rules need to match and allow offloading - but, yes, you can use software flow-offloading on any recent Linux distribution (hardware flow-offloading on corresponding hardware offering it (Mediatek), on which you're less likely to run a general purpose distro), if you configure it accordingly.
Searching Google gave an example of enabling flow offloading. It clearly has the keyword "offload" in the example.
Enabling the flowtable bypass is relatively easy, you only need to create a
flowtable and add one rule to your forward chain.
    table inet x {
        flowtable f {
            hook ingress priority 0; devices = { eth0, eth1 };
        }
        chain y {
            type filter hook forward priority 0; policy accept;
            ip protocol tcp flow offload @f
            counter packets 0 bytes 0
        }
    }
This example adds the flowtable 'f' to the ingress hook of the eth0 and eth1
netdevices.
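The two pieces the quoted documentation requires (a flowtable definition and a forward-chain rule that points at it) can be checked mechanically. The sketch below is an added example, not code from this thread or from the kernel documentation; it only inspects ruleset text and does not talk to the kernel. The names `blocks` and `check_offload` and the sample strings are made up for illustration.

```python
import re

# Constructed samples: GOOD is the ruleset quoted in the thread; NO_TABLE keeps
# the "flow offload" rule but drops the flowtable definition it refers to.
GOOD = """
table inet x {
    flowtable f {
        hook ingress priority 0; devices = { eth0, eth1 };
    }
    chain y {
        type filter hook forward priority 0; policy accept;
        ip protocol tcp flow offload @f
        counter packets 0 bytes 0
    }
}
"""
NO_TABLE = re.sub(r"flowtable f \{.*?\};\s*\}", "", GOOD, flags=re.S)

def blocks(text, keyword):
    """Yield (name, body) for each 'keyword NAME { ... }', balancing braces."""
    for m in re.finditer(rf"\b{keyword}\s+(\w+)\s*\{{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def check_offload(ruleset):
    """List what is missing for software flow offloading (jumps not followed)."""
    problems, defined, used = [], set(), set()
    for name, body in blocks(ruleset, "flowtable"):
        defined.add(name)
        if not re.search(r"hook\s+ingress\b", body):
            problems.append(f"flowtable {name}: no ingress hook")
        if not re.search(r"devices\s*=\s*\{\s*[\w\"]", body):
            problems.append(f"flowtable {name}: no devices listed")
    if not defined:
        problems.append("no flowtable defined")
    for name, body in blocks(ruleset, "chain"):
        # "flow add @f" is the newer spelling of "flow offload @f"
        refs = re.findall(r"\bflow\s+(?:offload|add)\s+@(\w+)", body)
        if refs and not re.search(r"hook\s+forward\b", body):
            problems.append(f"chain {name}: flow rule not in a forward base chain")
        used.update(refs)
    problems += [f"rule references undefined flowtable @{n}" for n in sorted(used - defined)]
    problems += [f"flowtable {n}: no rule offloads into it" for n in sorted(defined - used)]
    return problems

if __name__ == "__main__":
    print(check_offload(GOOD), check_offload(NO_TABLE))
```

On a live system the text to check would be the output of `nft list ruleset`.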
Thanks a lot jow! I've finally got the missing link. I kept looking for "offload" while totally missing the obvious flowtable definition at the beginning of the nft table settings.