Ipq806x NSS build (Netgear R7800 / TP-Link C2600 / Linksys EA8500)

Well, you're surely right, considering the big picture of OWRT.
But I think considering the limited space routers have, and the various use cases that only here in the thread we have, that custom online imagebuilder would be very practical to virtually everybody.

I mean, the firmware selector is one of the most beautiful things owrt came up with in the last decade, to allow widespread adoption of the firmware! It's a pity to fall in caveats where it is not viable anymore, like with this fantastic NSS build.

But as you already said, if you know the advantages of this build, the jump to attempt building your own image with all needed kmods and ipk is relatively small. I'm one of those simpelsimples taking advantages of a proper linux router without knowing much of linux itself, unfortunately. Every accomplishment in that sense means some weeks of steep learning curve, and I already see you struggling with pulls and commits! Immagine me, on a VM, trying to remember how to put osboxes.org in the sudoers! :sweat_smile:

It's all good stuff.

Now I get what you are after. That's not the firmware selector AFAIK. Closest you can get to that is using the Image Builder and I think that has a very limited appeal for these devices given how much flash they have.

If anyone needs an image, the base image is most of the time enough. For most people the router just needs to route. Anything additional that is already in their wish list (USB support, SAMBA) might already be there... so taking ACwifidude's builds is probably more than enough.

The little value I've brought to this thread is one small commit that allows 22.03.2 (&3) to build with all base modules and a repo with those frozen in time. This addresses my problem of needing to add/drop modules without having to worry about reflashing because ACwifidude's images have been rebased. Anyone wanting to experiment can then add modules as they see fit at a later date, or add stuff not in ACwifidude's build. No need really to build an image and squashfs everything unless really cramming the flash with stuff. (How much do you need there anyways? It's not that you should be using free flash space to write non-OS files like media... it's not going to last long if used like that). If using my repo, LUCI will let you install any additional modules after flash via the UI, or opkg via shell.

Some other people here have very specific builds that work exclusively for them. I would not be comfortable with any of those unless I go through the commits or changes with a fine tooth comb. No offense, but I need to know what I'm running and the customizations might do more harm than good for what I need.

So in short... if you know what you need the router to do and want NSS, posts 1 & 2 have probably all you need. If you need more than that (like NFS, or some other packet driver for like a LTE dongle) and can live with a 22.03 build instead of snapshot, I suggest my repo. Ditto if you want to play and try out different kmods on 22.03 without doing a build.

If you are after anything more sophisticated than that, an image builder won't help much. You are looking at a custom build instead. Someone here might have built what you are looking for, but those are one-offs.

1 Like

I've created an SQM script for the NSS fq-codel scheduler which allows (re)configuration from LUCI without rebooting or messing around with tc:

If you've added the the tc qdisc statements from post #2 to /etc/rc.local you can/need to remove them. Note that this script does not really do anything different from that config, it just makes it easier to tweak the settings.

Hope it's useful to some of you.

7 Likes

For what it's worth, I tried lowering the ATH10K_NAPI_BUDGET to 8 on my 22.03 build and I didn't find any significant difference - not in CPU load, throughput or latency.

RRUL upload is still 2-4x higher than download.

Quickly updating nss master using ACwifidude's repo.

Current OpenWrt SNAPSHOT r22104+15-01262c921c / LuCI Master git-23.039.28596-41e9b8d|
Kernel Version 5.15.94

create 'openwrt' folder.
chmod 755 openwrt
git clone -b master https://github.com/openwrt/openwrt.git
cd openwrt
git remote add oldrepo https://github.com/ACwifidude/openwrt.git
git remote update
git cherry-pick 7112c43ba1f3d3b0ca3565d8bb1a3c8347e51f93
git cherry-pick b2869d0916b57bc596dc29c528147e5b9adacf02
git cherry-pick b157d4431289b85e34922b7f75f3211d7c2e2a74
git cherry-pick a9791db9388001df349ea9085d723daa2859c85d
git cherry-pick 9533fa7ac478643aca3e2a01e100e93f6e9e899f
git cherry-pick e91ffd20b984c24da7492510c6b759d8ef282dac
git cherry-pick db33232a1b7ce49a150b71025ef4d95256c153f2
git cherry-pick fa260b66cce4bfac2bf0c8db19f40f59d420f75d
git cherry-pick 164c783163465899c1dfb2847927b7906dcda4bd
git cherry-pick 6c78302e8fb1f701290b6dc4d0c8ab80b51ad467
git cherry-pick ad59f0dc053420d992e22bd5d3ded6d7d6ee6b1c
git cherry-pick 6b8cd38f8f379455bcf5b7186b5d36bb8760e93f
git cherry-pick 814cfb9ea486d3217d254f728293e7762cdade53
git cherry-pick 4418ce4b781c1b7b1e5fde34bfb8c6ae72323221
git cherry-pick b55ebb2d88b47b705003b4325a43fe7df3b9200f
git remote remove oldrepo
git checkout master
git remote add upstream https://git.openwrt.org/openwrt/openwrt.git
git fetch upstream && git rebase upstream/master
git status

now copy diffconfig to 'openwrt'

./scripts/feeds update -a && ./scripts/feeds install -a && cp diffconfig .config && make defconfig && ./scripts/getver.sh

make clean && make download && make -j9 V=s

terminal

virtual-machine:~/Downloads$ chmod 755 openwrt
virtual-machine:~/Downloads$ git clone -b master https://github.com/openwrt/openwrt.git
Cloning into 'openwrt'...
remote: Enumerating objects: 635344, done.
remote: Counting objects: 100% (64/64), done.
remote: Compressing objects: 100% (45/45), done.
remote: Total 635344 (delta 20), reused 50 (delta 19), pack-reused 635280
Receiving objects: 100% (635344/635344), 235.11 MiB | 32.11 MiB/s, done.
Resolving deltas: 100% (425698/425698), done.
virtual-machine:~/Downloads$ cd openwrt
virtual-machine:~/Downloads/openwrt$ git remote add oldrepo https://github.com/ACwifidude/openwrt.git
virtual-machine:~/Downloads/openwrt$ git remote update
Fetching origin
Fetching oldrepo
remote: Enumerating objects: 3478, done.
remote: Counting objects: 100% (477/477), done.
remote: Total 3478 (delta 477), reused 477 (delta 477), pack-reused 3001
Receiving objects: 100% (3478/3478), 446.68 MiB | 31.25 MiB/s, done.
Resolving deltas: 100% (765/765), completed with 91 local objects.
From https://github.com/ACwifidude/openwrt
 * [new branch]            kernel5.10-nss-qsdk10.0 -> oldrepo/kernel5.10-nss-qsdk10.0
 * [new branch]            kernel5.15-nss-qsdk11   -> oldrepo/kernel5.15-nss-qsdk11
 * [new branch]            kernel5.4-nss-qsdk10.0  -> oldrepo/kernel5.4-nss-qsdk10.0
 * [new branch]            openwrt-21.02-nss-qsdk10.0 -> oldrepo/openwrt-21.02-nss-qsdk10.0
 * [new branch]            openwrt-22.03-nss-qsdk10.0 -> oldrepo/openwrt-22.03-nss-qsdk10.0
virtual-machine:~/Downloads/openwrt$ git cherry-pick 7112c43ba1f3d3b0ca3565d8bb1a3c8347e51f93
Auto-merging target/linux/ipq806x/config-5.15
[master 29ad26c71a] ipq806x: NSS Hardware Offloading Config5-15
 Author: ACwifidude 
 Date: Fri Sep 30 09:54:44 2022 -0500
 1 file changed, 1 insertion(+)
virtual-machine:~/Downloads/openwrt$ git cherry-pick b2869d0916b57bc596dc29c528147e5b9adacf02
[master cef96c3a45] ipq806x: NSS Hardware Offloading Target Files
 Author: ACwifidude 
 Date: Thu Oct 13 08:17:50 2022 -0500
 5 files changed, 699 insertions(+)
 create mode 100644 target/linux/ipq806x/files-5.15/include/linux/regulator/nss-volt-ipq806x.h
 create mode 100644 target/linux/ipq806x/files-5.15/include/net/netfilter/nf_conntrack_dscpremark_ext.h
 create mode 100644 target/linux/ipq806x/files-5.15/include/soc/qcom/socinfo.h
 create mode 100644 target/linux/ipq806x/files-5.15/include/uapi/linux/tc_act/tc_nss_mirred.h
 create mode 100644 target/linux/ipq806x/files-5.15/net/netfilter/nf_conntrack_dscpremark_ext.c
virtual-machine:~/Downloads/openwrt$ git cherry-pick b157d4431289b85e34922b7f75f3211d7c2e2a74
[master 12215c85d4] ipq806x: NSS Hardware Offloading Target Core and ECM patches
 Author: ACwifidude 
 Date: Thu Oct 13 08:25:59 2022 -0500
 9 files changed, 2249 insertions(+)
 create mode 100644 target/linux/ipq806x/patches-5.15/999-000-Regulator-Add-NSS-VOLT.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-002-nss-core-and-crypto-clocks.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-003-qca-nss-gmac-of-net-return.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-100-qca-nss-ecm-support-CORE.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-101-qca-nss-ecm-add-chain-events-dscp-remark.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-102-qca-nss-ecm-add-pppoe-offload.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-103-qca-nss-ecm-add-bridge-mgr.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-104-qca-nss-ecm-add-bonding.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-105-qca-nss-ecm-add-macvlan.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick a9791db9388001df349ea9085d723daa2859c85d
[master 3cc8e6082a] ipq806x: NSS Hardware Offloading qdisc patches
 Author: ACwifidude 
 Date: Fri Sep 30 11:21:00 2022 -0500
 6 files changed, 1216 insertions(+)
 create mode 100644 target/linux/ipq806x/patches-5.15/999-200-qca-nss-drv-qdisc-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-201-qca-nss-clients-qdisc-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-202-qca-nss-clients-l2tp-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-203-qca-nss-clients-ppptp-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-204-qca-nss-clients-iptunnel-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-205-qca-nss-clients-vxlan-support.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick 9533fa7ac478643aca3e2a01e100e93f6e9e899f
[master 04641fde41] ipq806x: NSS Hardware Offloading additional patches
 Author: ACwifidude 
 Date: Thu Oct 13 08:30:39 2022 -0500
 4 files changed, 1227 insertions(+)
 create mode 100644 target/linux/ipq806x/patches-5.15/999-300-qca-mcs-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-500-qca-nss-cfi-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-600-disable-unused-nss-feat.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-800-qca-nss-ecm-12.1-drop-unused.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick e91ffd20b984c24da7492510c6b759d8ef282dac
[master 50400dafe4] ipq806x: NSS Hardware Offloading iproute2 patches
 Author: ACwifidude 
 Date: Fri Sep 30 11:26:49 2022 -0500
 4 files changed, 2349 insertions(+), 2 deletions(-)
 create mode 100644 package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man.patch
 create mode 100644 package/network/utils/iproute2/patches/400-add-nss-qdisc.patch
 create mode 100644 package/network/utils/iproute2/patches/500-add-nssmirred.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick db33232a1b7ce49a150b71025ef4d95256c153f2
[master 1ec225e164] ipq806x: NSS Hardware Offloading mac80211 support
 Author: ACwifidude 
 Date: Fri Sep 30 11:33:18 2022 -0500
 2 files changed, 310 insertions(+), 4 deletions(-)
 create mode 100644 package/kernel/mac80211/patches/subsys/999-mac80211-NSS-support.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick fa260b66cce4bfac2bf0c8db19f40f59d420f75d
[master a4b8198b65] ipq806x: Optimize CPU up threshold
 Author: ACwifidude 
 Date: Sat Oct 1 12:53:39 2022 -0500
 1 file changed, 4 insertions(+), 2 deletions(-)
virtual-machine:~/Downloads/openwrt$ git cherry-pick 164c783163465899c1dfb2847927b7906dcda4bd
[master 3de968abb6] Add NSS Package Feed
 Author: ACwifidude 
 Date: Thu Oct 13 08:36:11 2022 -0500
 1 file changed, 1 insertion(+)
virtual-machine:~/Downloads/openwrt$ git cherry-pick 6c78302e8fb1f701290b6dc4d0c8ab80b51ad467
[master e03aaa5829] ipq806x: NSS Hardware Offloading dts patch
 Author: ACwifidude 
 Date: Fri Sep 30 11:33:52 2022 -0500
 1 file changed, 628 insertions(+)
 create mode 100644 target/linux/ipq806x/patches-5.15/990-000-Add-required-entries-in-dts-files-for-NSS-support.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick ad59f0dc053420d992e22bd5d3ded6d7d6ee6b1c
[master be76eebdfc] ipq806x: Fix Reference to non-existent node or label "smb208_s1b"
 Author: Qosmio <>
 Date: Mon Oct 24 22:26:27 2022 -0400
 1 file changed, 79 insertions(+)
 create mode 100644 target/linux/ipq806x/patches-5.15/990-001-Fix-missing-smb208-v1.0-nss-regulator.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick 6b8cd38f8f379455bcf5b7186b5d36bb8760e93f
[master e0a6b63dc1] ipq806x: Fix incorrect pointer type .parent_names to parent_data
 Author: Qosmio <>
 Date: Mon Oct 24 22:32:17 2022 -0400
 1 file changed, 8 insertions(+), 8 deletions(-)
virtual-machine:~/Downloads/openwrt$ git cherry-pick 814cfb9ea486d3217d254f728293e7762cdade53
[master 828697c442] dmac clean range patch
 Author: ACwifidude 
 Date: Tue Nov 1 15:12:32 2022 -0500
 1 file changed, 144 insertions(+)
 create mode 100644 target/linux/ipq806x/patches-5.15/999-001-Revert-ARM-dma-mapping-remove-dmac_clean_range-and-d.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick 4418ce4b781c1b7b1e5fde34bfb8c6ae72323221
[master 553a3788b1] ipq806x: fix l2tpv2 and tunipip6 NSS offloading, add WG2600HP support
 Author: Takashi ISHIKAWA <tishi-github@tthy.org>
 Date: Tue Nov 15 22:50:27 2022 +0900
 4 files changed, 524 insertions(+)
 create mode 100644 target/linux/ipq806x/patches-5.15/999-004-fix-socinfo.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-005-add-wg2600hp-nss-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-206-qca-nss-clients-l2tp-offloading-support.patch
 create mode 100644 target/linux/ipq806x/patches-5.15/999-207-qca-nss-clients-iptunnel-lock-this-cpu.patch
virtual-machine:~/Downloads/openwrt$ git cherry-pick b55ebb2d88b47b705003b4325a43fe7df3b9200f
[master 949be4137b] fix mac80211 NSS patch
 Author: ACwifidude 
 Date: Mon Jan 16 12:54:43 2023 -0600
 1 file changed, 195 insertions(+), 143 deletions(-)
virtual-machine:~/Downloads/openwrt$ git remote remove oldrepo
virtual-machine:~/Downloads/openwrt$ git checkout master
Already on 'master'
Your branch is ahead of 'origin/master' by 15 commits.
  (use "git push" to publish your local commits)
virtual-machine:~/Downloads/openwrt$ git remote add upstream https://git.openwrt.org/openwrt/openwrt.git
virtual-machine:~/Downloads/openwrt$ git fetch upstream && git rebase upstream/master
From https://git.openwrt.org/openwrt/openwrt
 * [new branch]            lede-17.01    -> upstream/lede-17.01
 * [new branch]            master        -> upstream/master
 * [new branch]            openwrt-18.06 -> upstream/openwrt-18.06
 * [new branch]            openwrt-19.07 -> upstream/openwrt-19.07
 * [new branch]            openwrt-21.02 -> upstream/openwrt-21.02
 * [new branch]            openwrt-22.03 -> upstream/openwrt-22.03
Current branch master is up to date.
virtual-machine:~/Downloads/openwrt$ git status
On branch master
Your branch is ahead of 'origin/master' by 15 commits.
  (use "git push" to publish your local commits)

nothing to commit, working tree clean
virtual-machine:~/Downloads/openwrt$ 

add these to keep wpad-openssl & wireless-regdb instead of default "wpad-basic-mbedtls"

# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
# CONFIG_PACKAGE_libustream-wolfssl is not set
# CONFIG_PACKAGE_libmbedtls is not set
# CONFIG_PACKAGE_libustream-mbedtls is not set
# CONFIG_PACKAGE_wpad-basic-mbedtls is not set

My diffconfig (R7800 -ath10k)

# Use "make defconfig" to expand this to a full .config
CONFIG_TARGET_ipq806x=y
CONFIG_TARGET_ipq806x_generic=y
CONFIG_TARGET_MULTI_PROFILE=y
CONFIG_TARGET_DEVICE_ipq806x_generic_DEVICE_netgear_r7800=y
CONFIG_TARGET_DEVICE_PACKAGES_ipq806x_generic_DEVICE_netgear_r7800="-kmod-ath10k-ct -ath10k-firmware-qca9984-ct kmod-ath10k ath10k-firmware-qca9984"
CONFIG_TARGET_PER_DEVICE_ROOTFS=y

# exfat is patented
CONFIG_BUILD_PATENTED=y

CONFIG_TARGET_ARCH_PACKAGES="arm_cortex-a15_neon-vfpv4"
CONFIG_CPU_TYPE="cortex-a15+neon-vfpv4"
CONFIG_LINUX_5_15=y
CONFIG_HAS_FPU=y
CONFIG_USES_DEVICETREE=y
CONFIG_USES_INITRAMFS=y
CONFIG_USES_SQUASHFS=y
CONFIG_NAND_SUPPORT=y
CONFIG_arm=y
CONFIG_arm_v7=y
CONFIG_ARCH="arm"
CONFIG_TARGET_ROOTFS_INITRAMFS=y
CONFIG_TARGET_INITRAMFS_COMPRESSION_NONE=y
CONFIG_TARGET_ROOTFS_SQUASHFS=y
CONFIG_TARGET_SQUASHFS_BLOCK_SIZE=512
CONFIG_TARGET_UBIFS_FREE_SPACE_FIXUP=y
CONFIG_TARGET_UBIFS_JOURNAL_SIZE=""
CONFIG_EXPERIMENTAL=y

# Kernel
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_HAS_TESTING_KERNEL=y
CONFIG_TESTING_KERNEL=y
CONFIG_KERNEL_AIO=y
CONFIG_KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE=y
CONFIG_KERNEL_CC_STACKPROTECTOR_REGULAR=y
CONFIG_KERNEL_CRASH_DUMP=y
CONFIG_KERNEL_DEBUG_FS=y
CONFIG_KERNEL_DEBUG_INFO_REDUCED=y
CONFIG_KERNEL_DEBUG_INFO=y
CONFIG_KERNEL_DEBUG_KERNEL=y
CONFIG_KERNEL_DYNAMIC_DEBUG=y
CONFIG_KERNEL_DYNAMIC_FTRACE=y
CONFIG_KERNEL_ENABLE_DEFAULT_TRACERS=y
CONFIG_KERNEL_FANOTIFY=y
CONFIG_KERNEL_FHANDLE=y
CONFIG_KERNEL_FTRACE_SYSCALLS=y
CONFIG_KERNEL_FTRACE=y
CONFIG_KERNEL_FUNCTION_TRACER=y
CONFIG_KERNEL_IO_URING=y
CONFIG_KERNEL_IP_MROUTE_MULTIPLE_TABLES=y
CONFIG_KERNEL_IP_MROUTE=y
CONFIG_KERNEL_IP_PIMSM_V1=y
CONFIG_KERNEL_IP_PIMSM_V2=y
CONFIG_KERNEL_IPV6_MROUTE_MULTIPLE_TABLES=y
CONFIG_KERNEL_IPV6_MROUTE=y
CONFIG_KERNEL_IPV6_MULTIPLE_TABLES=y
CONFIG_KERNEL_IPV6_PIMSM_V2=y
CONFIG_KERNEL_IPV6_SEG6_LWTUNNEL=y
CONFIG_KERNEL_IPV6_SUBTREES=y
CONFIG_KERNEL_IPV6=y
CONFIG_KERNEL_KALLSYMS=y
CONFIG_KERNEL_KEXEC=y
CONFIG_KERNEL_MAGIC_SYSRQ=y
CONFIG_KERNEL_POSIX_MQUEUE=y
CONFIG_KERNEL_PRINTK_TIME=y
CONFIG_KERNEL_PRINTK=y
CONFIG_KERNEL_PROC_KCORE=y
CONFIG_KERNEL_PROC_VMCORE=y
CONFIG_KERNEL_SECCOMP_FILTER=y
CONFIG_KERNEL_SECCOMP=y
CONFIG_KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE=3
CONFIG_KERNEL_STACKPROTECTOR=y
CONFIG_STRIP_KERNEL_EXPORTS=y

# NSS Drivers
CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-ecm-standard=y
CONFIG_PACKAGE_kmod-qca-nss-gmac=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y
CONFIG_PACKAGE_kmod-nss-ifb=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pptp=y
CONFIG_PACKAGE_kmod-qca-nss-crypto=y
CONFIG_PACKAGE_kmod-qca-nss-drv-igs=y
CONFIG_PACKAGE_kmod-qca-nss-drv-netlink=y
CONFIG_PACKAGE_MAC80211_NSS_SUPPORT=y
# CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2 is not set
# CONFIG_PACKAGE_kmod-qca-nss-drv-tunipip6 is not set

# Longer waiting for failsafe button push
CONFIG_IMAGEOPT=y
CONFIG_PREINITOPT=y
CONFIG_TARGET_PREINIT_TIMEOUT=5

# Busybox tweaks
CONFIG_BUSYBOX_CUSTOM=y
CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVEHISTORY=y
CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVE_ON_EXIT=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_FLAGS=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_REGEXP=y
CONFIG_BUSYBOX_CONFIG_FEATURE_LESS_WINCH=y

# Add-on programs
CONFIG_DROPBEAR_ECC=y
CONFIG_PACKAGE_aria2=y
CONFIG_PACKAGE_dnsproxy=y
CONFIG_PACKAGE_nano=y
CONFIG_PACKAGE_htop=y
CONFIG_PACKAGE_kmod-cryptodev=y
CONFIG_PACKAGE_libopenssl-devcrypto=y
CONFIG_PACKAGE_kmod-dnsresolver=y
CONFIG_PACKAGE_kmod-ramoops=y
CONFIG_PACKAGE_kmod-pstore=y
CONFIG_PACKAGE_kmod-reed-solomon=y
# CONFIG_PACKAGE_kmod-pppol2tp is not set
CONFIG_PACKAGE_ds-lite=y
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_wget-ssl=y
CONFIG_PACKAGE_kmod-usb-printer=y

# USB device mount & file systems support
CONFIG_PACKAGE_block-mount=y
CONFIG_PACKAGE_cryptsetup=y
CONFIG_PACKAGE_e2fsprogs=y
CONFIG_PACKAGE_f2fs-tools=y
CONFIG_PACKAGE_kmod-crypto-ecb=y
CONFIG_PACKAGE_kmod-crypto-xts=y
CONFIG_PACKAGE_kmod-crypto-iv=y
CONFIG_PACKAGE_kmod-crypto-misc=y
CONFIG_PACKAGE_kmod-crypto-user=y
CONFIG_PACKAGE_kmod-fs-exfat=y
CONFIG_PACKAGE_kmod-fs-ext4=y
CONFIG_PACKAGE_kmod-fs-f2fs=y
CONFIG_PACKAGE_kmod-fs-hfs=y
CONFIG_PACKAGE_kmod-fs-hfsplus=y
CONFIG_PACKAGE_kmod-fs-msdos=y
CONFIG_PACKAGE_kmod-fs-nfs=y
CONFIG_PACKAGE_kmod-fs-nfs-common=y
CONFIG_PACKAGE_kmod-fs-nfs-v3=y
CONFIG_PACKAGE_kmod-fs-nfs-v4=y
CONFIG_PACKAGE_kmod-fs-vfat=y
CONFIG_PACKAGE_kmod-nls-base=y
CONFIG_PACKAGE_kmod-nls-cp1250=y
CONFIG_PACKAGE_kmod-nls-cp437=y
CONFIG_PACKAGE_kmod-nls-cp850=y
CONFIG_PACKAGE_kmod-nls-iso8859-1=y
CONFIG_PACKAGE_kmod-nls-iso8859-15=y
CONFIG_PACKAGE_kmod-nls-utf8=y
CONFIG_PACKAGE_kmod-usb-storage=y
CONFIG_PACKAGE_kmod-usb-storage-uas=y
CONFIG_PACKAGE_libblkid=y
CONFIG_PACKAGE_ntfs-3g=y
CONFIG_PACKAGE_nfs-utils=y

# IPv6 support
CONFIG_PACKAGE_6in4=y
CONFIG_PACKAGE_6to4=y
CONFIG_PACKAGE_6rd=y

# WLAN/WPS support
CONFIG_PACKAGE_hostapd-utils=y
CONFIG_WPA_MSG_MIN_PRIORITY=4
CONFIG_PACKAGE_wireless-regdb=y
CONFIG_PACKAGE_wpad-openssl=y
# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
# CONFIG_PACKAGE_libustream-wolfssl is not set
# CONFIG_PACKAGE_libmbedtls is not set
# CONFIG_PACKAGE_libustream-mbedtls is not set
# CONFIG_PACKAGE_wpad-basic-mbedtls is not set

# SSL certificates
CONFIG_PACKAGE_ca-certificates=y

# Luci (SSL from OpenSSL)
CONFIG_LUA_ECO_DEFAULT_OPENSSL=y
CONFIG_LUA_ECO_OPENSSL=y
CONFIG_PACKAGE_luci-ssl-openssl=y
CONFIG_PACKAGE_luci-app-commands=y
CONFIG_PACKAGE_luci-app-adblock=y
CONFIG_PACKAGE_luci-app-https-dns-proxy=y
CONFIG_PACKAGE_luci-theme-openwrt-2020=y
CONFIG_PACKAGE_luci-app-sqm=y
CONFIG_PACKAGE_luci-proto-wireguard=y
CONFIG_PACKAGE_kmod-wireguard=y
CONFIG_PACKAGE_wireguard-tools=y
CONFIG_PACKAGE_openssl-util=y
# CONFIG_LUCI_JSMIN is not set
CONFIG_OPENSSL_ENGINE=y
CONFIG_OPENSSL_OPTIMIZE_SPEED=y
CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y
CONFIG_OPENSSL_WITH_ASM=y
CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y
CONFIG_OPENSSL_WITH_CMS=y
CONFIG_OPENSSL_NO_DEPRECATED=y
CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y
CONFIG_OPENSSL_WITH_PSK=y
CONFIG_OPENSSL_WITH_SRP=y
CONFIG_OPENSSL_WITH_TLS13=y

# Luci statistics
CONFIG_PACKAGE_luci-app-statistics=y
CONFIG_PACKAGE_collectd-mod-conntrack=y
CONFIG_PACKAGE_collectd-mod-cpufreq=y
CONFIG_PACKAGE_collectd-mod-dhcpleases=y
CONFIG_PACKAGE_collectd-mod-entropy=y
CONFIG_PACKAGE_collectd-mod-exec=y
CONFIG_PACKAGE_collectd-mod-thermal=y
CONFIG_PACKAGE_collectd-mod-wireless=y

CONFIG_PACKAGE_kmod-ath10k-ct=m
CONFIG_PACKAGE_kmod-ath10k=m
CONFIG_PACKAGE_ath10k-firmware-qca988x-ct=m
CONFIG_PACKAGE_ath10k-firmware-qca99x0-ct=m
CONFIG_PACKAGE_ath10k-firmware-qca9984-ct=m
CONFIG_PACKAGE_ath10k-firmware-qca988x=m
CONFIG_PACKAGE_ath10k-firmware-qca99x0=m
CONFIG_PACKAGE_ath10k-firmware-qca9984=m

rc.local

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# move nss cores to cpu1 and cpu2
i=1
awk '$7=="nss"{gsub(":","");print $1,$7}' /proc/interrupts| while read num irq; do
  echo $i > /proc/irq/$num/smp_affinity
  i=$((i+1))
done

# move rpm, and usb to cpu2
awk '$7~/qcom_rpm_ack|xhci-hcd/{gsub(":","");print $1,$7}' /proc/interrupts| while read num irq; do
  echo 2 > /proc/irq/$num/smp_affinity
done

echo performance > /sys/devices/system/cpu/cpufreq/policy0/scaling_governor
echo performance > /sys/devices/system/cpu/cpufreq/policy1/scaling_governor
echo 800000000 > /proc/sys/dev/nss/clock/current_freq

echo 1 > /sys/devices/system/cpu/cpufreq/policy0/stats/reset
echo 1 > /sys/devices/system/cpu/cpufreq/policy1/stats/reset

modprobe act_nssmirred

# Shape ingress traffic to 900 Mbit with chained NSSFQ_CODEL
tc qdisc add dev eth1 root handle 1: nsstbl rate 900Mbit burst 1Mb
tc qdisc add dev eth1 parent 1: handle 10: nssfq_codel limit 10240 flows 1024 quantum 1514 target 5ms interval 100ms set_default

# Shape egress traffic to 900 Mbit with chained NSSFQ_CODEL
tc qdisc add dev eth0 root handle 1: nsstbl rate 900Mbit burst 1Mb
tc qdisc add dev eth0 parent 1: handle 10: nssfq_codel limit 10240 flows 1024 quantum 1514 target 5ms interval 100ms set_default

exit 0

Latest master builds the software tab is missing Software tab missing

5 Likes

K5.15 ipq807x-nss it seems that some nss-drv symbols are missing IPQ807X NSS Build - #66 by bitthief

Commits · bitthief/openwrt · GitHub

ipq807x: net: QCA NSS igs support · bitthief/openwrt@36b2534 · GitHub

Maybe you could try something similar for master/K5.15

On 22.03 I had these messages too on both my R7800s, but for me they did in fact cause problems.

Note that the MAC addresss mentioned were for stations on the network, they were not Mac addresses of the router itself, so all the posts about unique bridge addresses, loops etc. are not relevant in this case.

In my case, the station with the mac address mentioned in the message did not get IP addresses from the DHCP server on the router.

After I upgraded to snapshot the problem appears to be gone.

Some observations:

  • The bridge forwarding table (brctl showmacs br-lan) reported those addresses as "Is local", which is really strange.
  • The station was blocked as long as the entry was active in the forwarding table. If the entry expired or was deleted, connectivity was usually restored (sometimes it got added as "Is local" again). This actually makes sense in my book.
  • The "accept local traffic" UCI setting on the bridge did not solve the DHCP problem, it probably did allow packets being bridged but I didn't really test this well.
  • If I disabled address learning on the bridge (brctl setageingtime br-lan 0) the problem went away (but this had a huge impact on performance)
  • If lowered the ageing time the problem got a lot worse (more MACs being reported as local)
  • Both my router and AP reported these messages around the same time (but for different MACs), which leads me to believe a certain kind of network traffic triggers this bug. Might be roaming between Wi-Fi and a LAN port.
  • The problem dissapeared by itself after a while
  • I've tried disabling 802.11v proxy arp, multicast, igmp snooping, mdns to no avail
  • The message appeared both for directly connected wlan stations aswell as as stations on my other AP coming in over the LAN
  • I ocassionally saw this message on non-NSS builds aswell, but didn't notice any impact back then

Hope this helps someone track down this issue further.

1 Like

22.03 build updated today. For master I’m having build errors with the “ninja” tools module. It isn’t spitting out any useful log info to troubleshoot it other than it failed. If anyone has troubleshot this already I’m all ears!

3 Likes

clean ccache... clean toolchain entirely and clean host tools... but it's probably ccache

4 Likes

While I had some random reboots in other builds, this one is stable for me so far (3 days uptime)
R7800-20230221-Stable2203NSS-ath10k-sysupgrade

1 Like

I am new to trying to compile my own Builds based on ACWIFIDUDE'S NSS. I am making progress.I am building Master Branch - and I have one question for those who are more familiar with this process than I.

Acwifidude's repo is supposed to be synced with OpenWRT - OpenWRT Master repo has OpenSSL 3.0 - while when I compiled ACWIFIDUDE'S NSS Master yesterday - it was OpenSSL 1 1s Nov 22

So I am trying to see if I am doing anything / something incorrectly - or for whatever reason ACWIFIDUDE'S NSS Repo is a bit behind OpenWRT Git Repo

Thanks to any and all for your assistance

Normal
His last update is from last month.
You cloned the acwifi repo and his last master sync repo his from last month

1 Like

Thanks - OK - got you - I really appreciate you being there to expand my understanding of how this OpenWRT Compilation process works.
Thanks for being my friend Jim

1 Like

Yikes. My head is spinning from this thread. I have an XR500 flashed with the standard stable 22.03.3 release. My understanding is that Openwrt does not support NSS cores unless a custom build is flashed correct? Is there a guide somewhere in this thread that explains the issue? DDWRT has a guide available that I found very helpful.

Seeing all the issues in this thread seriously has me considering DDxWRT since it is rock solid on the XR500 from what I’ve seen.

I’m not going to bash DD-WRT. If it works for you, stick to it. I prefer OpenWRT. Kind of the same way some people prefer vanilla to chocolate. Just because.

This thread is over two years old so the NSS business on these particular routers I’d say is very mature.

ACwifidude’s 22.03.3 build on 1st post is probably all you need. No need to build anything. Just sysupgrade that or upgrade with that via the UI (that is, provided your router is supported by this build, I have not checked.) I don’t see the value of building if you are just not going to change anything.

If you want something as close as possible to the official 22.03.3 build but with NSS support, need fancy modules like LTE dongle support, or use the image builder to make custom images I suggest you check the build I posted. Just scroll up for a while. ACwifidude keeps his build updated while I built with the release tag annd with all modules and let it be. ACwifidude’s is used by most of the 22.03.3 users on this thread so any concerns you may have will get feedback from more people. I prefer my thing. Again… vanilla with sprinkles or with chocolate shavings. No issues… just give it a try.

2 Likes

Yeah, this is not for head spinners. Get back to 4.9 old rock kernel. Dows that have NSS??? Here is 5.15...

The 22.03 build is pretty solid for me. I can’t remember the last time it crashed. Feel free to try it (you can always flash to something else).

NSS builds are great for the additional wifi speed and additional routing speed especially if you have a 500mbps or faster ISP connection.

4 Likes

Is nss help too for speed like 150/20 Mbps?
And I've read that we can use Devcypto accelerator with R7800 and nss offloading?
Thanks

You might have better performance without nss using cake at that speed tbh

1 Like

I am on a 100/100 connection and was using hnyman build and cake. While it works quite well I had higher latency compared to the nss build I use now. The only downside now is that I have to limit my connection a bit more: ~90/90 to keep super low latency.

1 Like