Kmod-nft-offload

First, let's decode the name:

In strict terms, kmod-nft-offload is not a standalone piece of software you install via yum or apt-get. Instead, it is a collective term used within distributions like Fedora, CentOS, RHEL, and Arch Linux to represent the kernel module supporting the NETDEV flow offload mechanism for nftables.

When you run modprobe nft-offload, you are loading the subsystem that allows nftables rules to be translated into low-level flow entries (TC flower rules) that NIC hardware can understand. kmod-nft-offload

nft add chain netdev filter ingress type filter hook ingress device eth0 priority 0;

# Load the offload module (usually auto-loaded)
modprobe kmod-nft-offload
If rules aren’t offloading, check:

Not all rules can offload:

✅ Supported: IP forwarding, MAC rewrite, basic VLAN

❌ Unsupported: Stateful matching (ct), logging, dynamic sets, NAT (on some hardware)

opkg install kmod-nft-offload
Check if module loaded:
lsmod | grep nft_offload

Driver must advertise offload capability: First, let's decode the name:
ethtool -k eth0 | grep hw-tc-offload
# Must show "on"

Common failures:

Debugging:
echo 'file nft_offload.c +p' > /sys/kernel/debug/dynamic_debug/control
dmesg -w | grep -i offload