I'm having random wifi disconnects as well. Reboot I haven't seen yet. I didn't touch any SQM so far
EDIT: Just had my 1st reboot too. The WAF is going down by the minute, I'll go back to stock OpenWrt 2305, it was slower but at least stable.
1 Like
Had a R7800 reboot using @ACwifidude 23.05 diffconfig-ath10k:, -
some details which may be more useful than 'it crashed, bye ...'
OpenWrt 23.05-SNAPSHOT r23277-ee1e77a7cf / LuCI openwrt-23.05 branch git-23.189.73029-ac423e9
my only modification is to:
build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/dnsmasq-nodhcpv6/dnsmasq-2.89/src/forward.c
-- to disable logging of "possible DNS-rebind attack detected: errors - I get so many that syslog is stuffed w/ them and I think it's an artifact of pihole.
one usb sdcard drive is mounted, /dev/sda1
see the screenshot for system details.
/sys/fs/pstore:
openwrt-23.05-nss# cat console-ramoops-0
1271] xhci-hcd xhci-hcd.1.auto: Host supports USB 3.0 SuperSpeed
[ 6.469337] hub 3-0:1.0: USB hub found
[ 6.475443] hub 3-0:1.0: 1 port detected
[ 6.479331] usb usb4: We don't know the algorithms for LPM for this host, disabling LPM.
[ 6.483729] hub 4-0:1.0: USB hub found
[ 6.491342] hub 4-0:1.0: 1 port detected
[ 6.498029] usbcore: registered new interface driver usb-storage
[ 6.499706] usbcore: registered new interface driver uas
[ 6.505160] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[ 6.520829] init: - preinit -
[ 6.760233] usb 3-1: new high-speed USB device number 2 using xhci-hcd
[ 6.957188] usb-storage 3-1:1.0: USB Mass Storage device detected
[ 6.957547] scsi host1: usb-storage 3-1:1.0
[ 8.002678] scsi 1:0:0:0: Direct-Access Generic STORAGE DEVICE 9407 PQ: 0 ANSI: 0
[ 8.160283] ipq8064-mdio 37000000.mdio eth1: nss_gmac_start_up: Force link up
[ 8.160321] ipq8064-mdio 37000000.mdio eth1: 1000 Mbps Full Duplex
[ 8.166446] ipq8064-mdio 37000000.mdio eth1: nss_gmac_dev_set_speed:NSS_ETH_CLK_DIV0(0xc) - 0x100
[ 8.172588] ipq8064-mdio 37000000.mdio eth1: nss_gmac_dev_set_speed: qsgmii_base(0xde8a0000) + PCS_MODE_CTL(0x68): 0x80008082
[ 8.181520] ipq8064-mdio 37000000.mdio eth1: nss_gmac_reset: eth1 resetting...
[ 8.193445] sd 1:0:0:0: [sda] 61952000 512-byte logical blocks: (31.7 GB/29.5 GiB)
[ 8.200662] sd 1:0:0:0: [sda] Write Protect is off
[ 8.208197] sd 1:0:0:0: [sda] No Caching mode page found
[ 8.212245] sd 1:0:0:0: [sda] Assuming drive cache: write through
[ 8.247683] sda: sda1
[ 8.251196] sd 1:0:0:0: [sda] Attached SCSI removable disk
[ 9.290648] ipq8064-mdio 37000000.mdio eth1: GMAC reset completed in 110 jiffies; dma_bus_mode - 0x20100
[ 9.290895] ipq8064-mdio 37000000.mdio eth1: nss_gmac_change_mtu: Enabling Normal Frame MTU (Requested MTU [1500])
[ 9.299241] ipq8064-mdio 37000000.mdio eth1: nss_gmac_change_mtu: Enabling Jumbo Frame MTU for eth1 (Requested MTU [1500])
[ 9.309457] ipq8064-mdio 37000000.mdio eth1: Set addr a0:04:60:11:77:b5
[ 9.320493] ipq8064-mdio 37000000.mdio eth1: nss_gmac_ipc_offload_init: enable Rx checksum
[ 9.326909] ipq8064-mdio 37000000.mdio eth1: nss_gmac_config_flow_control:
[ 9.335319] ipq8064-mdio 37000000.mdio eth1: nss_gmac_rx_pause_disable: disable Rx flow control
[ 9.342151] ipq8064-mdio 37000000.mdio eth1: nss_gmac_tx_pause_disable: disable Tx flow control
[ 9.351343] ipq8064-mdio 37000000.mdio eth1: nss_gmac_linkup: data plane open command successfully issued
[ 9.360315] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[ 9.369432] IPv6: ADDRCONF(NETDEV_CHANGE): eth1.1: link becomes ready
[ 14.474807] Starting lvm2 during preinit
[ 15.242629] mount_root: loading kmods from internal overlay
[ 15.262231] kmodloader: loading kernel modules from //etc/modules-boot.d/*
[ 15.266906] kmodloader: done loading kernel modules from //etc/modules-boot.d/*
[ 15.435196] UBIFS (ubi0:1): Mounting in unauthenticated mode
[ 15.440052] UBIFS (ubi0:1): background thread "ubifs_bgt0_1" started, PID 221
[ 15.551156] UBIFS (ubi0:1): UBIFS: mounted UBI device 0, volume 1, name "rootfs_data"
[ 15.551186] UBIFS (ubi0:1): LEB size: 126976 bytes (124 KiB), min./max. I/O unit sizes: 2048 bytes/2048 bytes
[ 15.557966] UBIFS (ubi0:1): FS size: 82534400 bytes (78 MiB, 650 LEBs), max 661 LEBs, journal size 4190208 bytes (3 MiB, 33 LEBs)
[ 15.567913] UBIFS (ubi0:1): reserved for root: 3898303 bytes (3806 KiB)
[ 15.579536] UBIFS (ubi0:1): media format: w5/r0 (latest is w5/r0), UUID ACCF67F3-9264-4E54-B0DA-0B291E9BE7F4, small LPT model
[ 15.586844] block: attempting to load /tmp/ubifs_cfg/upper/etc/config/fstab
[ 15.597542] block: unable to load configuration (fstab: Entry not found)
[ 15.604273] block: attempting to load /tmp/ubifs_cfg/etc/config/fstab
[ 15.611237] block: unable to load configuration (fstab: Entry not found)
[ 15.617477] block: attempting to load /etc/config/fstab
[ 15.627646] block: unable to load configuration (fstab: Entry not found)
[ 15.629196] block: no usable configuration
[ 15.638664] UBIFS (ubi0:1): un-mount UBI device 0
[ 15.640088] UBIFS (ubi0:1): background thread "ubifs_bgt0_1" stops
[ 15.647753] UBIFS (ubi0:1): Mounting in unauthenticated mode
[ 15.660229] UBIFS (ubi0:1): background thread "ubifs_bgt0_1" started, PID 222
[ 15.766645] UBIFS (ubi0:1): UBIFS: mounted UBI device 0, volume 1, name "rootfs_data"
[ 15.766675] UBIFS (ubi0:1): LEB size: 126976 bytes (124 KiB), min./max. I/O unit sizes: 2048 bytes/2048 bytes
[ 15.773511] UBIFS (ubi0:1): FS size: 82534400 bytes (78 MiB, 650 LEBs), max 661 LEBs, journal size 4190208 bytes (3 MiB, 33 LEBs)
[ 15.783407] UBIFS (ubi0:1): reserved for root: 3898303 bytes (3806 KiB)
[ 15.795029] UBIFS (ubi0:1): media format: w5/r0 (latest is w5/r0), UUID ACCF67F3-9264-4E54-B0DA-0B291E9BE7F4, small LPT model
[ 16.036103] block: attempting to load /tmp/ubifs_cfg/upper/etc/config/fstab
[ 16.036216] block: unable to load configuration (fstab: Entry not found)
[ 16.042036] block: attempting to load /tmp/ubifs_cfg/etc/config/fstab
[ 16.048972] block: unable to load configuration (fstab: Entry not found)
[ 16.055335] block: attempting to load /etc/config/fstab
[ 16.062067] block: unable to load configuration (fstab: Entry not found)
[ 16.067048] block: no usable configuration
[ 16.075105] mount_root: overlay filesystem has not been fully initialized yet
[ 16.078408] mount_root: switching to ubifs overlay
[ 16.415758] urandom-seed: Seed file not found (/etc/urandom.seed)
[ 16.503089] procd: - early -
[ 16.503189] procd: - watchdog -
[ 16.505103] procd: Watchdog has previously reset the system
[ 17.034853] procd: - watchdog -
[ 17.034930] procd: Watchdog has previously reset the system
[ 17.037106] procd: - ubus -
[ 17.099051] procd: - init -
[ 17.592206] urngd: v1.0.2 started.
[ 17.597256] kmodloader: loading kernel modules from /etc/modules.d/*
[ 17.653374] NET: Registered PF_ALG protocol family
[ 17.668320] Key type dns_resolver registered
[ 17.683496] RPC: Registered named UNIX socket transport module.
[ 17.683528] RPC: Registered udp transport module.
[ 17.688218] RPC: Registered tcp transport module.
[ 17.693159] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 17.705554] tun: Universal TUN/TAP device driver, 1.6
[ 17.710657] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 17.713643] gre: GRE over IPv4 demultiplexor driver
[ 17.716131] ip_gre: GRE over IPv4 tunneling driver
[ 17.737946] NFS: Registering the id_resolver key type
[ 17.737996] Key type id_resolver registered
[ 17.742069] Key type id_legacy registered
[ 17.748473] cryptodev: driver 1.12 loaded.
[ 17.753245] PPP generic driver version 2.4.2
[ 17.754732] NET: Registered PF_PPPOX protocol family
[ 17.761049] PPTP driver version 0.8.5
[ 17.766235] <NSS-CRYPTO>:module loaded (platform - IPQ806x, build - Build_ID - 07/11/23, 16:45:59)
[ 17.767236] <NSS-CRYPTO>:Register with NSS driver-
[ 17.779185] GACT probability on
[ 17.781425] Mirror/redirect action on
[ 17.787341] u32 classifier
[ 17.787549] input device check on
[ 17.790210] Actions configured
[ 17.799738] fuse: init (API version 7.34)
[ 17.805252] Loading modules backported from Linux version v6.1.24-0-g0102425ac76b
[ 17.805283] Backport generated by backports.git v5.15.92-1-44-gd6ea70fafd36
[ 17.819348] usbcore: registered new interface driver usblp
[ 17.830702] xt_time: kernel timezone is -0000
[ 17.887298] <NSS-CRYPTO>:NSS Firmware initialized
[ 17.887469] <NSS-CRYPTO>:probing engine - 0
[ 17.891065] <NSS-CRYPTO>:Device Tree node found
[ 17.895072] <NSS-CRYPTO>:init completed for Pipe Pair[0]
[ 17.899491] <NSS-CRYPTO>:init completed for Pipe Pair[1]
[ 17.925078] <NSS-CRYPTO>:probing engine - 1
[ 17.925107] <NSS-CRYPTO>:Device Tree node found
[ 17.928132] <NSS-CRYPTO>:init completed for Pipe Pair[0]
[ 17.932680] <NSS-CRYPTO>:init completed for Pipe Pair[1]
[ 17.942924] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for information.
[ 17.943456] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
[ 17.950403] <NSS-CRYPTO>:probing engine - 2
[ 17.960779] <NSS-CRYPTO>:Device Tree node found
[ 17.964762] <NSS-CRYPTO>:init completed for Pipe Pair[0]
[ 17.965189] ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142)
[ 17.969219] <NSS-CRYPTO>:init completed for Pipe Pair[1]
[ 17.981382] ath10k_pci 0000:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
[ 17.986604] <NSS-CRYPTO>:probing engine - 3
[ 17.994469] <NSS-CRYPTO>:Device Tree node found
[ 17.998355] <NSS-CRYPTO>:init completed for Pipe Pair[0]
[ 18.002859] <NSS-CRYPTO>:init completed for Pipe Pair[1]
[ 25.418623] ath10k_pci 0000:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
[ 25.418667] ath10k_pci 0000:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0
[ 25.429626] ath10k_pci 0000:01:00.0: firmware ver 10.4-3.9.0.2-00157 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps,peer-fixed-rate,iram-recovery crc32 6cdc6ff9
[ 27.708952] ath10k_pci 0000:01:00.0: board_file api 2 bmi_id 0:1 crc32 0bfe5c35
[ 31.464446] ath10k_pci 0000:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-nvmem max-sta 512 raw 0 hwcrypto 1
[ 31.555018] wlan0: Created a NSS virtual interface
[ 31.556436] ath10k_pci 0001:01:00.0: enabling device (0140 -> 0142)
[ 31.559372] ath10k_pci 0001:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
[ 32.062706] ath10k_pci 0001:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
[ 32.062754] ath10k_pci 0001:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0
[ 32.073730] ath10k_pci 0001:01:00.0: firmware ver 10.4-3.9.0.2-00157 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps,peer-fixed-rate,iram-recovery crc32 6cdc6ff9
[ 34.354597] ath10k_pci 0001:01:00.0: board_file api 2 bmi_id 0:2 crc32 0bfe5c35
[ 38.131956] ath10k_pci 0001:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-nvmem max-sta 512 raw 0 hwcrypto 1
[ 38.214616] debugfs: File 'virt_if' in directory 'stats' already present!
[ 38.214936] wlan1: Created a NSS virtual interface
[ 38.223441] kmodloader: done loading kernel modules from /etc/modules.d/*
[ 41.728145] ECM init ( QSDK 12.1.r5_CS1 2022-11-25 1c401a1 )
[ 41.728223] ECM database jhash random seed: 0x8d92d851
[ 41.734286] ECM init complete
[ 44.404059] ipq8064-mdio 37000000.mdio eth0: nss_gmac_start_up: Force link up
[ 44.404097] ipq8064-mdio 37000000.mdio eth0: 1000 Mbps Full Duplex
[ 44.410260] ipq8064-mdio 37000000.mdio eth0: nss_gmac_dev_set_speed:NSS_ETH_CLK_DIV0(0xc) - 0x100
[ 44.416273] ipq8064-mdio 37000000.mdio eth0: nss_gmac_reset: eth0 resetting...
[ 45.522148] ipq8064-mdio 37000000.mdio eth0: GMAC reset completed in 110 jiffies; dma_bus_mode - 0x20100
[ 45.522368] ipq8064-mdio 37000000.mdio eth0: nss_gmac_change_mtu: Enabling Normal Frame MTU (Requested MTU [1500])
[ 45.530766] ipq8064-mdio 37000000.mdio eth0: Set addr a0:04:60:11:77:b6
[ 45.540917] ipq8064-mdio 37000000.mdio eth0: nss_gmac_ipc_offload_init: enable Rx checksum
[ 45.547365] ipq8064-mdio 37000000.mdio eth0: nss_gmac_config_flow_control:
[ 45.555753] ipq8064-mdio 37000000.mdio eth0: nss_gmac_rx_pause_disable: disable Rx flow control
[ 45.562627] ipq8064-mdio 37000000.mdio eth0: nss_gmac_tx_pause_disable: disable Tx flow control
[ 45.571516] ipq8064-mdio 37000000.mdio eth0: nss_gmac_linkup: data plane open command successfully issued
[ 45.591263] ipq8064-mdio 37000000.mdio eth1: nss_gmac_start_up: Force link up
[ 45.591300] ipq8064-mdio 37000000.mdio eth1: 1000 Mbps Full Duplex
[ 45.597386] ipq8064-mdio 37000000.mdio eth1: nss_gmac_dev_set_speed:NSS_ETH_CLK_DIV0(0xc) - 0x100
[ 45.603556] ipq8064-mdio 37000000.mdio eth1: nss_gmac_dev_set_speed: qsgmii_base(0xde8a0000) + PCS_MODE_CTL(0x68): 0x80008082
[ 45.612504] ipq8064-mdio 37000000.mdio eth1: Set addr a0:04:60:11:77:b5
[ 45.623764] ipq8064-mdio 37000000.mdio eth1: nss_gmac_ipc_offload_init: enable Rx checksum
[ 45.630196] ipq8064-mdio 37000000.mdio eth1: nss_gmac_config_flow_control:
[ 45.638446] ipq8064-mdio 37000000.mdio eth1: nss_gmac_rx_pause_disable: disable Rx flow control
[ 45.645387] ipq8064-mdio 37000000.mdio eth1: nss_gmac_tx_pause_disable: disable Tx flow control
[ 45.654100] ipq8064-mdio 37000000.mdio eth1: nss_gmac_linkup: data plane open command successfully issued
[ 45.665366] br-lan: port 1(eth1.1) entered blocking state
[ 45.672388] br-lan: port 1(eth1.1) entered disabled state
[ 45.677854] device eth1.1 entered promiscuous mode
[ 45.683123] device eth1 entered promiscuous mode
[ 45.691338] br-lan: port 1(eth1.1) entered blocking state
[ 45.692529] br-lan: port 1(eth1.1) entered forwarding state
[ 46.060920] wlan0: Destroyed NSS virtual interface
[ 46.120871] wlan1: Destroyed NSS virtual interface
[ 46.386620] debugfs: File 'virt_if' in directory 'stats' already present!
[ 46.386964] phy1-ap0: Created a NSS virtual interface
[ 52.723979] ath10k_pci 0001:01:00.0: Unknown eventid: 36933
[ 52.729367] debugfs: File 'virt_if' in directory 'stats' already present!
[ 52.729682] phy0-ap0: Created a NSS virtual interface
[ 52.737326] br-lan: port 2(phy1-ap0) entered blocking state
[ 52.740437] br-lan: port 2(phy1-ap0) entered disabled state
[ 52.745934] device phy1-ap0 entered promiscuous mode
[ 59.011391] ath10k_pci 0000:01:00.0: Unknown eventid: 36933
[ 59.019567] br-lan: port 3(phy0-ap0) entered blocking state
[ 59.019604] br-lan: port 3(phy0-ap0) entered disabled state
[ 59.024248] device phy0-ap0 entered promiscuous mode
[ 62.333109] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null). Quota mode: disabled.
[ 66.370389] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap0: link becomes ready
[ 66.370546] br-lan: port 3(phy0-ap0) entered blocking state
[ 66.375814] br-lan: port 3(phy0-ap0) entered forwarding state
[ 66.743758] IPv6: ADDRCONF(NETDEV_CHANGE): phy1-ap0: link becomes ready
[ 66.743912] br-lan: port 2(phy1-ap0) entered blocking state
[ 66.749183] br-lan: port 2(phy1-ap0) entered forwarding state
[ 5047.037443] device phy1-ap0 left promiscuous mode
[ 5047.037542] br-lan: port 2(phy1-ap0) entered disabled state
[ 5047.161298] ath10k_pci 0001:01:00.0: could not get mac80211 beacon
[ 5047.263691] ath10k_pci 0001:01:00.0: could not get mac80211 beacon
[ 5047.302148] ath10k_pci 0001:01:00.0: peer-unmap-event: unknown peer id 1
[ 5047.302960] ath10k_pci 0001:01:00.0: peer-unmap-event: unknown peer id 1
[ 5047.396930] device phy0-ap0 left promiscuous mode
[ 5047.397028] br-lan: port 3(phy0-ap0) entered disabled state
[ 5047.520080] ath10k_pci 0000:01:00.0: peer-unmap-event: unknown peer id 1
[ 5047.520144] ath10k_pci 0000:01:00.0: peer-unmap-event: unknown peer id 1
[ 5057.654344] stage2 (5901): drop_caches: 3
[ 5060.276656] UBIFS (ubi0:1): background thread "ubifs_bgt0_1" stops
[ 5060.285518] UBIFS (ubi0:1): un-mount UBI device 0
[ 5061.069361] block ubiblock0_0: released
[ 5064.849007] UBIFS (ubi0:1): default file-system created
[ 5064.849876] UBIFS (ubi0:1): Mounting in unauthenticated mode
[ 5064.859444] UBIFS (ubi0:1): background thread "ubifs_bgt0_1" started, PID 6762
[ 5064.929866] UBIFS (ubi0:1): UBIFS: mounted UBI device 0, volume 1, name "rootfs_data"
[ 5064.929899] UBIFS (ubi0:1): LEB size: 126976 bytes (124 KiB), min./max. I/O unit sizes: 2048 bytes/2048 bytes
[ 5064.936839] UBIFS (ubi0:1): FS size: 82534400 bytes (78 MiB, 650 LEBs), max 661 LEBs, journal size 4190208 bytes (3 MiB, 33 LEBs)
[ 5064.946674] UBIFS (ubi0:1): reserved for root: 3898303 bytes (3806 KiB)
[ 5064.958308] UBIFS (ubi0:1): media format: w5/r0 (latest is w5/r0), UUID 321D3BBC-9A99-4889-8810-20364450E1A7, small LPT model
[ 5064.983706] UBIFS (ubi0:1): un-mount UBI device 0
[ 5064.983770] UBIFS (ubi0:1): background thread "ubifs_bgt0_1" stops
[ 5065.006007] qcom_scm firmware:scm: No available mechanism for setting download mode
[ 5065.006089] reboot: Restarting system
openwrt-23.05-nss#
I agree that my test and feedback was minimal but I really needed to get work done, me and my wife were both working from home. And with vpn crashing (+all my Teams & sapgui sessions breaking) constantly, I got beatings from colleagues too.
Anyway it was absolutely my fault to test this on a working day, on the main router. I was too trustworthy on the stability of the build, based on the feedback I received when asking beforehand.
Soit, my router install was 99.99% Virgin, I wiped it when upgrading from a pre-18 release. No extra HW, no extra installed SW, only wireless settings security done.
I'm happy to put it on again, maybe at a less critical time, as I can always go back to a working install in no time. Then I can check other settings to try to get it more stable.
Thanks for all effort, I'm sure it can work fine. It was just v bad timing to try this out.
Put your custom commands here that should be executed once
the system init finished. By default this file does nothing.
modprobe nss-ifb
ip link set up nssifb
Shape ingress traffic to 450 Mbit with chained NSSFQ_CODEL
tc qdisc add dev nssifb root handle 1: nsstbl rate 450mbit burst 450kb
tc qdisc add dev nssifb parent 1: handle 10: nssfq_codel limit 10240 flows 1024 quantum 300 target 2.5ms interval 25ms set_defaultShape egress traffic to 450 Mbit with chained NSSFQ_CODEL
tc qdisc add dev eth0 root handle 1: nsstbl rate 450mbit burst 450kb
tc qdisc add dev eth0 parent 1: handle 10: nssfq_codel limit 10240 flows 1024 quantum 300 target 2.5ms interval 25ms set_defaultexit 0
friend, what should I modify here for a 300MB download connection and 900MB upload? all numbers 400?
thank you,
My ISP's speed test gives me a speed of 475/475 mbps.
So I set 450/450, which is 95% of that value.
Maybe your ISP offers a speed of 300/900, then you can set it up like this.
tc qdisc add dev nssifb root handle 1: nsstbl rate 300mbit burst 300kb
tc qdisc add dev nssifb parent 1: handle 10: nssfq_codel limit 10240 flows 1024 quantum 300 target 2.5ms interval 25ms set_default
tc qdisc add dev eth0 root handle 1: nsstbl rate 900mbit burst 900kb
tc qdisc add dev eth0 parent 1: handle 10: nssfq_codel limit 10240 flows 1024 quantum 300 target 2.5ms interval 25ms set_default
1 Like
Does anyone want to test my new build?
I've modified a few things in ACwifidude's build.
kmod-ovpn-dco package and others are enabled.
3 Likes
Dear ocformula,
I will be much obliged to give your build a try. Thanks for all you do.
Peace
Hello, not sure it's the right place to ask that, sorry in advance if it's not the case
I have 2 R7800 running NSS enabled builds from @ACwifidude , based on 22.03 stable (2 different snapshots at different dates).
I'd like to play a little bit with mdadm tool and RAID stuff but can't install anything due to kernel dependency missing for the raid kernel modules that opkg wants to install. I'm a little bit puzzled on how I should proceed to get and install the right packages versions.
Should I configure opkg to use another packages repository?
Should I use another build based on master or 23.05?
Regards, Etienne.
The modules you need are gone. Once a rebase including a kernel bump was done they disappeared for good.
Besides not sure if @ACwifidude builds the raid modules.
You will need to build your own image.
You could also try any of the builds I have posted on this thread (usually long posts, sorry). The modules you need should be in their repos. You should be able to sysupgrade to any of those builds keeping your configuration and then either manually copy packages in and install, or better yet point opkg to GitHub (details on my posts) to have it install what you need.
thankds @apccv for the reply. You're confirming what I was thinking, I couldn't retrieve modules versions corresponding to my image as it's a snapshot and modules versions in that repository evolve in time.
I already checked @ACwifidude packages repository and raid modules are not present.
So the solution would be to rebuild my own NSS enabled image, based on a stable release of OpenWRT in order to maintain the availability of modules in time, which is somehow what you did if I understand well.
edit: and anyway, thanks for the length of your posts, there are valuable info there.
https://forum.openwrt.org/t/is-openvpn-dco-supported/165801
Unless you've hacked in openVPN 2.6x, doesn't your build have 2.5x, which doesn't support DCO?
In case anyone wants to try it out... here is the 23.05.0-rc2 "as close to vanilla as possible with NSS support" build.
Images for all supported devices in the bin directory.
Feel free to check the commit history on this or any of the previous repos. It is usually clear from it which commits need to be cherry-picked to add NSS to the vanilla image.
config.nss has the basic ipq806x build conf plus 9 lines to add NSS support. Same packages as the vanilla build. Everything else you might need is available in repo. If there is interest I can post the ImageBuilder online and add a link here.
Similar to previous builds:
- All
genericimages are built. All modules are built. - Key for package signature verification is in
opkg-keyfolder and can be copied to/etc/opkg/keysdirectory after flash to use this repo for packages. -
/etc/opkg/distfeeds.confcan be updated after flash to point to this repo for packages. Replacehttps://downloads.openwrt.org/releases/23.05.0-rc2/targets/ipq806x/generic/packages/url withhttps://raw.githubusercontent.com/APCCV/OpenWRT-23.05.0-rc2-NSS/v23.05.0-rc2/bin/targets/ipq806x/generic/packages/. Should look like this:
#src/gz openwrt_core https://downloads.openwrt.org/releases/23.05.0-rc2/targets/ipq806x/generic/packages
src/gz openwrt_core https://raw.githubusercontent.com/APCCV/OpenWRT-23.05.0-rc2-NSS/v23.05.0-rc2/bin/targets/ipq806x/generic/packages
src/gz openwrt_base https://downloads.openwrt.org/releases/23.05.0-rc2/packages/arm_cortex-a15_neon-vfpv4/base
src/gz openwrt_luci https://downloads.openwrt.org/releases/23.05.0-rc2/packages/arm_cortex-a15_neon-vfpv4/luci
src/gz openwrt_packages https://downloads.openwrt.org/releases/23.05.0-rc2/packages/arm_cortex-a15_neon-vfpv4/packages
src/gz openwrt_routing https://downloads.openwrt.org/releases/23.05.0-rc2/packages/arm_cortex-a15_neon-vfpv4/routing
src/gz openwrt_telephony https://downloads.openwrt.org/releases/23.05.0-rc2/packages/arm_cortex-a15_neon-vfpv4/telephony
#src/gz openwrt_nss https://downloads.openwrt.org/releases/23.05.0-rc2/packages/arm_cortex-a15_neon-vfpv4/nss
In all it's glory:
BusyBox v1.36.1 (2023-06-26 11:20:39 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 23.05.0-rc2, r23228-cd17d8df2a
-----------------------------------------------------
Seems to be doing something (testing as an AP)...
root@OpenWrt:~# cat /sys/kernel/debug/qca-nss-drv/stats/virt_if
if_num 33 stats start:
rx_packets = 6081962
rx_bytes = 3986460368
rx_dropped = 54147
tx_packets = 6749073
tx_bytes = 150048410
tx_enqueue_failed = 0
shaper_enqueue_failed = 0
ocm_alloc_failed = 0
if_num 33 stats end:
base node stats begin (shown on if_num 33):
active_interfaces = 4
ocm_alloc_failed = 0
ddr_alloc_failed = 0
base node stats end.
Behaves as expected (WiFi):
2 Likes
Probably yes. The DCO included in the build won't do anything.
I didn't apply any patches, just added a setting in the config file.
I know that the SSL/TLS libraries used in OpenWrt are mbedtls, wolfssl, and openssl.
But most of the NSS support builds I've seen here are built with packages that use openssl, like wpad-openssl, openvpn-openssl, etc.
Is it that NSS has hardware acceleration of SSL/TLS, and only openssl supports it?
1 Like
NSS unfortunately does not accelerate anything with encryption with OpenWrt. OpenSSL is just a preference and is pretty compatible. Any of those SSL libraries should work fine. 
p.s. updated the 23.05 and Master builds today. Added in @KONG sqm scripts for people to play with if they need easier SQM. Thanks @KONG for the great work!
7 Likes
well, i mean, it can
it just breaks at a certain block size and isn't fast enough to justify the trade off
While running the image I built, I saw the following messages in the system log.
Did I configure something incorrectly?
Has anyone seen the following message in the log?
Wed Jul 19 20:29:54 2023 kern.info kernel: [56816.109421] mdio-gpio mdio eth1: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:29:58 2023 kern.info kernel: [56820.502348] mdio-gpio mdio eth1: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:30:02 2023 kern.info kernel: [56824.067577] mdio-gpio mdio eth1: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:26 2023 kern.info kernel: [57208.199587] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:26 2023 kern.info kernel: [57208.207267] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:29 2023 kern.info kernel: [57211.137503] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:29 2023 kern.info kernel: [57211.169930] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:30 2023 kern.info kernel: [57212.257344] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:31 2023 kern.info kernel: [57212.652362] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:31 2023 kern.info kernel: [57212.726622] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:36 2023 kern.info kernel: [57218.018370] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:52 2023 kern.info kernel: [57233.677932] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
Wed Jul 19 20:36:52 2023 kern.info kernel: [57233.702359] mdio-gpio mdio eth0: nss_gmac_xmit_frames: dropping skb
whose build / archive / version ?
any build of openwrt 23.05.0-rc2 with nss
I haven't been active here for a while, for this very reason: I got a x86 mini pc for routing and configured all my R7800's and a single C2600 as dumb AP. But all dumb AP's run the NSS build from ACwifidude. I too want to regularly update devices, router and dumb AP's. Now when I'm honest, I haven't updated those devices the last 7-9 months or so because it's all darn stable. And fast.
I just read this post from @apccv and this is the reason I still use the NSS build from @ACwifidude on my dumb AP's. I haven't done much measurements back then but I came to the same conclusion that what ACwifidude did to implement NSS also benefits wifi. I run my R7800's with a fixed CPU frequency and they're pretty darn stable with that (with a build from somewhere around November 2022).
Now I have been looking at IPQ807x development but don't really need to upgrade for the sake of WiFi speed. I did want speed and stability on my 1Gbit/s symmetrical Ftth connection and good SQM. So I decided to repurpose my routing-R7800 as a dumb AP and purchased a small x86 mini PC (Intel N5105) which hardly breaks any sweat at all. It's a massive overkill on CPU power but it's just about the same in power consumption as a R7800.
The culmination of my efforts and tweaking WiFi with separate vlan's for traffic and dedicated SSID's on 5GHz for user devices and 2.4GHz for IoT devices was when our child had a Teams meeting with someone the other day. The meeting included audio and video. The call was started on the attic, then moved to the second floor through all rooms, then moved to the ground floor, then went outside around the house on a regular laptop and not once did the Teams call stutter. I was working from home during that Teams call. During this walkabout in and around the house with only 5GHz WiFi was an excellent test that showed me fast roaming works as intended too, since I have 3 R7800's and one C2600 scattered throughout the house. All are connected to the x86 mini PC with a LAN cable.
It took me a few years to learn the hard way but I'm very, very pleased with how this has been working so far. With commercial hardware I would've spent around €800 to €1000 I guess. But by using solely OpenWRT and the awesome community I've spent around €110 on used R7800's and a C2600 and around €200 on the N5105 mini PC. And I have more control on what happens in my network.
7 Likes