I dont know its NSS related or openwrt bug, but if i do /etc/init.d/firewall reload, then the 'hardware nat rule' (-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT) inserted in the top of FORWARDING chain.. basically it keeps adding the rule into the top on every reload.
its fixable with editing /etc/firewall.d/qca-nss-ecm to remove the rule first:
iptables -D FORWARD -m physdev --physdev-is-bridged -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
Hey @ACwifidude,
Thanks so much for this build! I am testing now on the TP-Link C2600. I was running the previous build, 'C2600-20201231-MasterNSS-sysupgrade', without any issues. I have since updated to 'C2600-20210112-MasterNSS-sysupgrade', and now all my wireless clients are having issues. When looking at the RX rate it shows as 0.0mbps. Can you pleaes tell me what information I can provide to you such that we can properly diagnose this?
Also I have been playing around with DAWN and have been playing around with my 2 TP-Link C2600's. Everything is working perfectly using your build, i.e. i can see both AP's in the hearing map and network overview. Howecer, when building the firmare from the latest snapshots, and when installing the packages 'dawn' and 'luci-app-dawn', the AP's can no longer see each other....... All configuration is the same between the latest snapshot build I compiled and your builds (I have checked the 'retain settings' checkbox when switching between firmwares). Can you please provide some insight as to if there are any behind the scenes settings that you have tweaked to get it to recognise and see other AP's in the network.
Cheers,
dazzsser
The 5.4 => 5.8 patch is causing issues for ipq8064 devices. Keep with the 12/31 build until I find a fix.
I worked on it yesterday. Had to redo the C2600.dts with all the changes in master.
FWIW, The 12/31 build hung my router (R7800), but the 1/12 does not hang. I installed it at 10:33pm last night and it rebooted at ~ 6:00am this morning. Still running it, now up ~ 9 hrs.
Updated the build:
Hey @ACwifidude,
I have flashed the "C2600-20210116-MasterNSS-sysupgrade" firmware and I am still experiencing the same issue. Please let me know what I can do to help diagnose this.
Cheers,
dazzsser
Hello
Yesterday I wanted to give this a try for the first time so I factory-installed the firmware on my r7800 and this morning I sysupgraded because I couldn't install nfs-kernel-server (requires kernel 5.4.89 and this build has 5.4.85-1). Now I read here that the kernel is older in this latest build.
I had a look at the commit and I see some kernel modules have a version specified.
Can I install the module ignoring dependencies anyhow?
Should the build include that kernel module pinned to the kernel version?
It is related to the wifi offload patch. Iāll revert the patch and wifi should work great.
Iāve tried two different .dts configurations and donāt know if it is the .dts or the wifi patch that is the source of the issue. Wifi worked before so it is easier to revert to known working status.
With the custom commits the kernel version isnāt the same so any package that requires a kmod is going to complain about the version number.
You have two options - you can try to force the software to install or you can build from scratch. I always prefer building from scratch. Opkg doesnāt check for compatibility and you may run in to issues down the road.
Hey @ACwifidude
I'm interested in building my own, custom image, with baked in packages (eg. like samba4), based on your repo.
I only want/need an image for Netgear R7800 (not the other targets/profiles).
So, following the guidance in post #2 of this thread, I've adjusted my .config to include only;
CONFIG_TARGET_ipq806x=y
CONFIG_TARGET_ipq806x_generic=y
CONFIG_TARGET_ipq806x_generic_DEVICE_netgear_r7800=y
CONFIG_HAS_SUBTARGETS=y
CONFIG_HAS_DEVICES=y
CONFIG_TARGET_BOARD="ipq806x"
CONFIG_TARGET_SUBTARGET="generic"
CONFIG_TARGET_PROFILE="DEVICE_netgear_r7800"
....truncated for brevity ....
Yet, when I do a make, I get images for;
Why do I get all these images when I do a make, when the only one I'm interested in is R7800?
What am I doing wrong?
EDIT: Uggg, never mind. I'm a dork.
I just realized that your repo includes pre-built images (in ./bin/targets/...) which remain even after doing a make, since I had forgotten to do a make clean
This NSS work is great!
Has any thought been given to bringing it to upstream OpenWrt? Thereās no reason that vanilla OpenWrt on ipq806x shouldnāt be able to handle gigabit line speeds. Have you raised the possibility on openwrt-devel yet?
I would love to make it mainstream. Iāll need some help with cleaning and organizing the commits to cleanly be able to put it in to master. An experimental cache scaling patch is embedded that is not related to NSS so weād have to pull the two apart.
Itāll need to be divided by feature, ex:
Iāve been working on the .dts / .dtsi changes to allow for as many ipq806x devices to join in. 
By building from scratch you mean to clone your repo and follow the instructions to build my own firmware image?
Once I get around that process I gues is just adding the kernel modules that I want included to the list.
Am I right?
Hello everyone, I just wanted to share my experiences with "R7800-20210112-MasterNSS" here.
Sorry, my english is not the best!
As far as I can tell, everything works perfectly and stably so far. Sometimes I have the impression that the line would break in earlier than usual when the upload is exhausted. But these can also be network problems at isp.
I have had a line upgrade to 1 GBps for a few weeks. Before I had a TP-Link Archer C7, now a Netgear R7800 and 4 TP-Link RE450s as dump APs.
Wifi works with the same ssid's (2.4 + 5 GHz), different channels and 802.11r (ft over air) smooth and without problems.
Speedtest with hardwired iMac, a vodafone cable (germany) 1 Gbps line and vodafone modem in bridge mode (dhcp, no pppoe for openwrt router)
TP-Link Archer C7, OpenWRT 19.07.5 stable, without sqm, without software flow offloading
CPU at 100%, line link unstable
TP-Link Archer C7, OpenWRT 19.07.5 stable, without sqm, with software flow offloading
CPU at 100%, line link unstable
Netgear R7800, OpenWRT 19.07.5 stable, without sqm, without software flow offloading
CPU at 90-95%, line stable
Netgear R7800, OpenWRT 19.07.5 stable, without sqm, with software flow offloading
CPU at 90-95%, line stable
Netgear R7800, OpenWRT MasterNSS 20210112, without sqm
CPU at 3-7%, line stable
I'm very happy with this MasterNSS build. Thanks @ACwifidude for your hard work!
I still have two little questions:
In the OpenWRT stable build I was able to use my "external" DDNS alias, including the forwarded port, internally. On the MacBook, which is also used at home, it's simply practical not to have to mess around with the URLs.
For example for internal websites, I use https://h0me.foo.bar:12345/mon/check_mk/, with the MasterNSS build I must use https://192.168.137.10/mon/check_mk. Loopback? Why is it? Can i fix it?
Is there a tool / plug-in for OpenWRT on the main router (R7800), in the best case for Luci, which shows me on which wifi-client is connected over which of the 4 dump APs? I often lack an overview, purely out of interest. With 802.11r and FT over the air it is still much difficult to find out the AP over luci on each webinterface. Thanks for tips!
Greetings from Germany,
Nico
# NSS Firewall Tweaks
iptables -D FORWARD -m physdev --physdev-is-bridged -j ACCEPT
iptables -I FORWARD 1 -m physdev --physdev-is-bridged -j ACCEPT
Updates:
Great !
thanks
OK, too bad! 
Can not do anything about it! Strange that there is no such thing or that it does not work technically. 
Thanks, but doesn't work for me. 
# openwrt router - refused
root@router:~# nc nch0me.foo.bar 12345
nc: can't connect to remote host (188.192.251.XX): Connection refused
# iMac in local network - not refused, timed out, not accessible
nicoh@imac:~# nch0me.foo.bar 12345 -v
nc: connectx to nch0me.foo.bar port 12345 (tcp) failed: Operation timed out
# any root-server in a datacenter - good, accessible
root@nh:~# nc h0me.foo.bar 12345 -v
h0me.foo.bar [188.192.251.XX] 12345 (?) open
Any other ideas? Thanks
Observing potentially glitchy WiFi transition behavior compared to regular master/hnyman builds.
I have a secondary wired router acting as a wireless extender, also running OpenWRT, without 802.11r. Just bog-standard configuration.
Same goes for this one's WiFi configuration.
When I play a Youtube livestream with the phone connected to the secondary router, and then walk up to the R7800 running this NSS build, the WiFi transition happens seamlessly as it did before, the signal strength was going down and then it suddenly fills up - but the Youtube video will start buffering for several seconds before resuming.
This doesn't happen on regular builds (the livestreams just keep playing), but with NSS-2021-01-17 I can replicate it every time. I suspect it's hard to troubleshoot though.
What does the wireless config look on both devices? Both devices running dawn?