
First of all, I did ask this on OpenWrt Forums already, I thought maybe someone here knows this.

I noticed that my internet speed gets limited when this feature is not enabled. This feature is also marked as experimental. Any clue what it actually does and whether it has any security implications?

I tried googling, it seems to be a rather new feature, which lacks documentation.

The OpenWrt wiki does not contain anything about this new feature, which was introduced in the 19.03 firmware.

I just found that the term is OpenWrt's alias for proprietary technologies doing the same thing, about which I found no information whatsoever, so this research apparently didn't get me any further.

And yes, I am aware that this experimental feature is not compatible with QoS and SQM, but I don't really use that (source: https://forum.openwrt.org/t/software-flow-offloading-implications/90957).

Sir Muffington

1 Answer


Flow offloading is generally a fast-path to circumvent most of the Linux Netfilter stack for already-tracked flows, improving NAT performance on otherwise underpowered hardware. One could argue that there are potentially security implications due to packets traversing a different, possibly less-scrutinized code path, but that is not automatically an issue.

Worst case, there is a memory corruption vulnerability in the code allowing compromise of the system, or there are logic vulnerabilities that allow packets to bypass rules. Without a security code review, this is just pure speculation.

multithr3at3d
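To make the fast path described in the answer concrete, here is an added example (not from the answer and not OpenWrt's own generated ruleset) of how software flow offloading is expressed with an upstream nftables flowtable. The table, chain, flowtable and interface names (`example_fw`, `forward`, `ft`, `lan0`, `wan0`) are assumptions chosen for illustration.

```nft
# Illustrative ruleset; all names below are assumptions.
table inet example_fw {
    # The flowtable is attached to the ingress hook of the listed devices.
    # Packets of flows stored here are forwarded straight from ingress
    # and skip the classic forwarding path.
    flowtable ft {
        hook ingress priority 0
        devices = { lan0, wan0 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Hand TCP/UDP flows to the flowtable. The entry is created once
        # conntrack tracks the flow, so the first packets of a connection
        # are still evaluated by the rules in this chain.
        meta l4proto { tcp, udp } flow add @ft

        # Slow path: what every packet sees when offloading is disabled,
        # and what only the packets that set up a flow see when it is on.
        ct state established,related counter accept
        iifname "lan0" oifname "wan0" ct state new counter accept
    }
}
```

With offloading active, the counters in `forward` stop increasing for a flow once it has been added to `ft`, which shows that later packets are no longer evaluated there. The same bypass is why per-packet features such as the QoS and SQM mentioned in the question do not see offloaded traffic.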