[$] Accelerating netfilter with hardware offload, part 1

Supporting network protocols at high speeds in pure software is gettingincreasingly difficult, with 25-100Gb/s interfaces available now and200-400Gb/s starting to show up. Packet processing at 100Gb/s must happen in 200 cycles or less, which doesnot leave much room for processing at the operating-systemlevel. Fortunately some operations can be performed by hardware,including checksum verification and offloading parts of the packet send andreceive paths.

As modern hardware adds more functionality, new options arebecoming available. The 5.3 kernel includes a patch set from Pablo NeiraAyuso that addedsupport for offloading some packet filtering with netfilter. This patch set not only adds the offload support, but also performs a refactoring ofthe existing offload paths in the generic code and the network carddrivers. More work came in the following kernel releases. This seems like agood moment to review the recent advancements in offloading in the networkstack.