Supporting network protocols at high speeds in pure software is getting
increasingly difficult, with 25-100Gb/s interfaces available now and
200-400Gb/s starting to show up. Packet processing at 100Gb/s must happen in 200 cycles or less, which does
not leave much room for processing at the operating-system
level. Fortunately some operations can be performed by hardware,
including checksum verification and offloading parts of the packet send and
receive paths.

As modern hardware adds more functionality, new options are
becoming available. The 5.3 kernel includes a patch set from Pablo Neira
Ayuso that added
support for offloading some packet filtering with netfilter. This patch
set not only adds the offload support, but also performs a refactoring of
the existing offload paths in the generic code and the network card
drivers. More work came in the following kernel releases. This seems like a
good moment to review the recent advancements in offloading in the network
stack.

Source: LWN.net – [$] Accelerating netfilter with hardware offload, part 1