Build for Netgear R7800

See! there is definitely some problem with the scaling and it does crash always right after the mux code... (that i'm 100% sure it's called by the krait notifier for the safe parent) with a random error like this one for the virtual page fault...

forcing the system to max freq should remove any instability by this problem and the system would crash only with some defect on the chip/bad power supply.
The fact is that regulators are not set to work 100% of the time at max voltage and this on the long run cause crash due to overheat or power supply spike... (or even grid problems)

Back in the old 5.4 days all worked well because we didn't have a cpu freq driver and the cpu and cache was set to the lower value of 800mhz... so the cpu wasn't that sensible to voltage change or problems by the regulator overheating...

would also explain why with the nss core the system is more stable... cpu is less used... less cpu freq change... less load on the regulators...


Yes that makes a lot of sense.
I think a higher minimum scaling freq might help or a fixed one at 1.4Mhz if you don't have extreme bandwidth and want to use SQM. I am going to test both for a few days.
If you do have a high bandwidth connection you probably want nss or set the core fixed at 1.7Mhz and hope for the best :stuck_out_tongue:

I've always kind of wondered what a big fat heat sink would do to improve things here.

not much if the system works outside his spec due to sw bugs

not to be that guy, but we've been on 5.4 (and then 5.10) for well over a year now? knock on wood, i haven't experienced this instability we're talking about. my current uptime is 93 days.

i also pin the min frequency to 800mhz, i seem to recall there was a comment in the qsdk code (or in the patch series at some point) that talked about their being a bug with scaling below 800mhz.

seeing as ya'll bout to be chastised by the OP for posting in this thread on something not specific to this build,

could the discussion about the random crashes be kept on the Netgear R7800 exploration (IPQ8065, QCA9984) topic? It would be easier to follow.


Fixes to dependencies in iptables/nftables were merged today ( ), so the firewall4 starts to stabilise regarding the iptables/nftables availability for other packages. Also SQM dependencies were fixed. Banip and bcp38 are still missing from the build, as they require ipset. The build also included the nftables LuCI status page, although jow has not yet merged the PR officially.

Ps. For those who have personal iptables rules/commands in scripts, "nft" is the firewall rule manipulation command instead of "iptables" in master.

"iptables" is currently actually a translator from the iptables-nft package, translating the iptables syntax to nftables syntax and applying them. Possibly goes ok if vanilla commands, possibly wrong if more exotic commands. "iptables-legacy" would be the old iptables.

"nft list ruleset" shows the firewall.

root@router1:~# iptables-legacy -V
iptables v1.8.7 (legacy)

root@router1:~# iptables -V
iptables v1.8.7 (nf_tables)

root@router1:~# nft list ruleset
table inet fw4 {
        chain input {
                type filter hook input priority filter; policy accept;
                iifname "lo" accept comment "!fw4: Accept traffic from loopback"
                ct state established,related accept comment "!fw4: Allow inbound established and related flows"
                tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
                iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
                iifname "eth0.2" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"

        chain forward {
                type filter hook forward priority filter; policy drop;
                ct state established,related accept comment "!fw4: Allow forwarded established and related flows"

The Netgear devices (r7500/ r7500v2/ r7800/ d7800/ xr500) do have a quite sane thermal design, including a big heat sink covering most of the board, although ipq806x is still running rather hot. The ZyXEL nbg6817 less so, running even hotter. ipq8064 also seems to run cooler in general (smaller heat sinks), not quite surprising given the lower clock rate (so the additional performance in ipq8065 seems to mostly stem from running the silicon closer to its maximum, rather than process improvements).

btw i run my r7800 at 1.9 ghz and 1.7 ghz with cache for more than 40 days with no problem... thermal is really not the problem


Currently running the r18722 build. Since the last three? builds I have a small issue that I can't access my (port forwarded) services using my public IP when accessing them from my own LAN. From the internet everything works. Probably a setting in the new firewall?

One thing to consider for @hnyman : setting the min core to 800000 solves the reboot issues I had earlier...

@jow is probably currently fixing the nat reflection...

That fix (firewall4 version bump) will likely be merged in to OpenWrt soon.


Yes, that'll likely fix it. As a workaround one can add option family ipv4 to the redirect sections.


Yeah, I first tested that 600000, and @Ansuel took that into the commit that got merged. Changing that into 800000 would be easy. The underlying reason is probabyl that the CPU cores are scaled independently, and so sometimes the memory cache frequency can be too log/high for one core.

1 Like

That's exactly the issue i have with firewall4 too.

1 Like

That works for now. Thanks!

1 Like

After increasing this:

sysctl -w net.core.rmem_max=524288

No more messages from nlbwmon in syslog :ok_hand:

With this build?


I overclocked mine for the LULZ


Jow merged today several fixes to firewall4 & related packages, as well as the firewall4 LuCI status page.


I don't understand. I'm a new owner of an R7800 and new to OpenWrt. Which of the builds (in the Dropbox account) should I use?

You might take the newest OpenWrt 21.02 stable build.
You can see the list of newest ones in the first message.

And you need the factory image for flashing from the original OEM firmware, if you are still running that. ( If you are already running some OpenWrt image, use sysupgrade.)

1 Like