[Banana BPI-R4] Wifi7 status

Hello @rmandrad ,@danpawlik, in the 5g option so that it appears with the name I want, for example banana_5g , I must first create SSID: OpenWrt-5g, I am talking about in ax mode, I have not tried it in be mode, the upload and download speed is the normal one about 1426.93, but I connect to banana_5g , instead of OpenWrt-5g , the download and upload is very similar.

then I delete OpenWrt-5g, and leave only banana_5g, the speed changes to a little more than 900 megabytes, I lose almost 500 megabytes by deleting OpenWrt-5g, in case it is a bug in some patch and it can be solved I don't know if by touching some patch or if it is normal to delete and leave only one SSId

OpenWrt SNAPSHOT build r0-ff20ee7 / LuCI 14be branch 24.280.60395~3c982c9

OpenWRT BPI-R4 configs/mediatek/mt7988a/bpi-r4 + BE14 + luci BE - v14-luci-eht - 2024-10-06

I just saw that you made a new build an hour ago, which has not been tested, and maybe this is fixed

Thanks for your great work to the whole community.

5G1920×1404 252 KB

banana_5g1920×1404 236 KB

Interesting, even after applying your patch, the command:

openssl engine -t -c -pre DUMP_INFO

Is failing.
To reproduce, I'm using basic packages, for example for community build:

          curl -SL https://raw.githubusercontent.com/danpawlik/openwrt-builder/master/configs/mediatek/mt7988a/bpi-r4 > .config
          curl -SL https://raw.githubusercontent.com/danpawlik/openwrt-builder/master/configs/common/luci >> .config
          curl -SL https://raw.githubusercontent.com/danpawlik/openwrt-builder/master/configs/common/snapshot-short >> .config
          sed -i '/CONFIG_PACKAGE_wpad-mbedtls=y/d' .config
          curl -SL https://raw.githubusercontent.com/danpawlik/openwrt-builder/master/configs/common/openssl >> .config
          curl -SL https://raw.githubusercontent.com/danpawlik/openwrt-builder/master/configs/common/lte-5g-modem >> .config
          curl -SL https://raw.githubusercontent.com/danpawlik/openwrt-builder/master/configs/common/community >> .config

make defconfig

What step/config I miss to make that work?

I'm running one of your builds from last week (with a couple extra packages) and am getting the following

(dynamic) Dynamic engine loading support
[Failure]: DUMP_INFO
304D2A937F000000:error:13000089:engine routines:int_ctrl_helper:invalid cmd name:crypto/engine/eng_ctrl.c:90:
304D2A937F000000:error:13000089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:258:
     [ unavailable ]
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, CIOCGSESSION (session open call) failed
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, CIOCGSESSION (session open call) failed
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=cbc-aes-ce (software)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=cbc-aes-ce (software)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=cbc-aes-ce (software)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=ecb-aes-ce (software)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=ecb-aes-ce (software)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=ecb-aes-ce (software)

Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=md5-generic (software), CIOCCPHASH capable
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=sha1-ce (software), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=sha224-ce (software), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=sha256-ce (software), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=sha384-arm64 (software), CIOCCPHASH capable
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=sha512-arm64 (software), CIOCCPHASH capable

[Success]: DUMP_INFO
     [ available ]

I can get you a full package list if you'd like. OpenSSL version:

OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)

And that's odd. I'm doing image locally, same config, but difference container image (maybe that's why?) and I don't have such output. Need to find few min to check.
So far, thanks @wrcrooks

Do you want me to try a build with the added 'libopenssl-alfag_sync' package? @rmandrad's pull request isn't complete yet, does your GitHub Actions builder pull openssl from a repo of his that would have the code changes?

Scratch that, I see that you have the patch in your openwrt repo that the builder is pulling from (Commit 6a5ab1b). I'll give it a shot building with the added packages and see if I come up with the same output as @rmandrad

So it is surprising to me, due I added all packages as @rmandrad suggested but it still does not work.
After all(don't have time to play with that right now), I added:

CONFIG_PACKAGE_kmod-crypto-user=y
CONFIG_OPENSSL_ENGINE_BUILTIN=y
CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO=y

It enables Acceleration support through /dev/crypto, and it starts working.
One day I need to check how to enable that to make that cryptodev enable without building own package (but by using firmware selector image).

Yeah that's actually a very interesting question. I've always used it for customizing the packages but never thought about setting configuration items like that. I'd be curious if there's a syntax for it.

have you enabled crypto_safexcel?

root@bananapi4:~# lsmod|grep crypto
crypto_safexcel        98304  0
cryptodev              49152  3

Also, did you find it necessary to include the libopenssl-afalg_sync package instead of libopenssl-afalg like @rmandrad suggested?

My build from last week has crypto_safexcel enabled (validated via lsmod) but isn't showing it in "openssl engine -t -c -pre DUMP_INFO" (output above, with various non-safexcel drivers). I'm currently running a new build with all the package selection changes you suggested to @danpawlik

on last @danpawlik build output is:

root@OpenWrt:~# openssl engine -t -c -pre DUMP_INFO
(dynamic) Dynamic engine loading support
[Failure]: DUMP_INFO
304DA18C7F000000:error:13000089:engine routines:int_ctrl_helper:invalid cmd name:crypto/engine/eng_ctrl.c:90:
304DA18C7F000000:error:13000089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:258:
     [ unavailable ]
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, driver=safexcel-cbc-des (hw accelerated)
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, driver=safexcel-cbc-des3_ede (hw accelerated)
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=safexcel-cbc-aes (hw accelerated)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=safexcel-cbc-aes (hw accelerated)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=safexcel-cbc-aes (hw accelerated)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=safexcel-ecb-aes (hw accelerated)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=safexcel-ecb-aes (hw accelerated)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=safexcel-ecb-aes (hw accelerated)

Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=safexcel-md5 (hw accelerated), CIOCCPHASH capable
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=safexcel-sha1 (hw accelerated), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=safexcel-sha224 (hw accelerated), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=safexcel-sha256 (hw accelerated), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=safexcel-sha384 (hw accelerated), CIOCCPHASH capable
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=safexcel-sha512 (hw accelerated), CIOCCPHASH capable

[Success]: DUMP_INFO
 [DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC]
     [ available ]

Thank you for confirming! I'll flash the new image when I get back behind my BPI-R4.

You also need his patch no?

Since my builder works the same way as danpawlik's does (cloning github.com/danpawlik/openwrt) as the source, I'm bandwagoning off of his great work, including him having rmandrad's patch already in that repo. I've just been modifying my packages selections to suit my needs and to implement rmandrad's suggestions around openssl.

Undoubtedly danpawlik will end up doing the same and make my modifications obsolete, but it's a great learning experience!

now it is double weird. The new build does not contain my recent changes with:

CONFIG_PACKAGE_kmod-crypto-user=y
CONFIG_OPENSSL_ENGINE_BUILTIN=y
CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO

so why on my local container, on clean build I have such issue and on GH workflows not. That's amazing.

@rmandrad should I remove the code from my config and go back just to kmod-cryptodev or I can leave as it is due there is no difference?

BTW, does someone know what feature that brings: https://git01.mediatek.com/plugins/gitiles/openwrt/feeds/mtk-openwrt-feeds/+/a372af8c6c72fd8d264d51027e0d18ed96aca714 ? wondering what is the shortcut of wo

Confirmed in my latest build:

(dynamic) Dynamic engine loading support
[Failure]: DUMP_INFO
300DDFAB7F000000:error:13000089:engine routines:int_ctrl_helper:invalid cmd name:crypto/engine/eng_ctrl.c:90:
300DDFAB7F000000:error:13000089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:258:
     [ unavailable ]
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, driver=safexcel-cbc-des (hw accelerated)
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, driver=safexcel-cbc-des3_ede (hw accelerated)
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=safexcel-cbc-aes (hw accelerated)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=safexcel-cbc-aes (hw accelerated)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=safexcel-cbc-aes (hw accelerated)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=safexcel-ecb-aes (hw accelerated)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=safexcel-ecb-aes (hw accelerated)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=safexcel-ecb-aes (hw accelerated)

Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=safexcel-md5 (hw accelerated), CIOCCPHASH capable
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=safexcel-sha1 (hw accelerated), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=safexcel-sha224 (hw accelerated), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=safexcel-sha256 (hw accelerated), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=safexcel-sha384 (hw accelerated), CIOCCPHASH capable
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=safexcel-sha512 (hw accelerated), CIOCCPHASH capable

[Success]: DUMP_INFO
 [DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB, AES-256-ECB]
     [ available ]

I used the following code:

curl -SL https://raw.githubusercontent.com/danpawlik/openwrt-builder/master/configs/common/openssl >> .config
echo "CONFIG_PACKAGE_libopenssl-afalg_sync=y" >> .config
echo "CONFIG_PACKAGE_libopenssl-gost_engine=y" >> .config
echo "CONFIG_AFALG_UPDATE_CTR_IV=y" >> .config

sed -i '/CONFIG_PACKAGE_libopenssl-afalg=y/d' .config

In OpenWRT, WED (Wireless Ethernet Dispatch) and WO (Wireless Offload) are features designed to enhance the performance of wireless networks, particularly on Mediatek-based routers.

• WED (Wireless Ethernet Dispatch): This feature helps to offload some of the wireless processing tasks from the CPU to dedicated hardware, improving overall network performance and reducing CPU load².
• WO (Wireless Offload): This involves offloading wireless data processing tasks to specialized hardware, which can lead to better performance and efficiency⁴.

These features are particularly useful in high-performance routers where managing large amounts of data efficiently is crucial. However, enabling these features might require specific firmware files and configurations²⁴.

Source: Conversation with Copilot, 10/8/2024
(1) MT7986 router - WED couldn't be enabled #746 - GitHub. https://github.com/openwrt/mt76/issues/746.
(2) Support for Cudy WR3000 - Page 3 - OpenWrt Forum. Support for Cudy WR3000.
(3) Upgrading OpenWrt firmware using LuCI and CLI. https://bing.com/search?q=WED+WO+firmware+in+OpenWRT.
(4) Upgrading OpenWrt firmware using LuCI and CLI. https://openwrt.org/docs/guide-user/installation/generic.sysupgrade.
(5) WED hang on latest 6.1 kernel on mt7981 #14655 - GitHub. https://github.com/openwrt/openwrt/issues/14655.
(6) undefined. https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=587585e1bbebc250d46ebb0eeaf986d9c3c01c69.

Thanks Microsoft Copilot!

i just don't know how is not working for you ... others are reporting the safexcel showing up on the openssl report ... openssl + devcrypto is a quite complex config although must say don't see any proof yet it brings any improvements probably why mtk has the crypto-eip and hnat modules on the 5.4 kernel. Anyhow just thought to bring this patch (after retrofitting a 5.4 patch) so at least is one less thing is not working ...

I am researching wed ... still didn't figure it out but i am quite sure is not working which I think most probably means HW offloading doesn't work.

There's no one out there it feels that can talk on this forum authoritatively about mediatek ... plans etc ... so one ends up backporting 5.4 patches like the safexcel one ...

No change, if i use netsh wlan show all -

SSID 21 : OpenWrt
    Network type            : Infrastructure
    Authentication          : WPA3-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:00:00:00:00:00
         Signal             : 92%
         Radio type         : 802.11ax
         Band               : 5 GHz
         Channel            : 64
         Details            :  (H2E supported)
         Bss Load:
             Connected Stations:         1
             Channel Utilization:        51 (20 %)
             Medium Available Capacity:  0 (0 us/s)
         QoS MSCS Supported    : 0
         QoS Map Supported     : 1
         Colocated APs:    : 1
            BSSID: 00:00:00:00:00:00,  Band: 6 GHz,  Channel: 65
         Basic rates (Mbps) : 6 12 24
         Other rates (Mbps) : 9 18 36 48 54

What is "Сolacated Aps" in 6ghz band channel 65 ?