They should both be disabled on the firewall page.
2 Likes
@xeonpj @segator I think it's important to clarify which build you're using when reporting such concerns. Is this on the MASTER -or- 21.02 STABLE build? If it's on MASTER - please keep in mind having Kernel 5.10 working with NSS is still young... and crashes / instability should be somewhat expected with the new territory. I know that on my NBG6817 the MASTER build will crash within 30min without fail... and similarly without any logs to provide qualitative feedback. The STABLE build however is 100% stable for me... literally a set & forget. It's not to say STABLE builds can't have their bugs, but I find them generally to be config / specific package related.
sorry, I'm talking about 5.4.143 kernel. a test with 5.10 and it was not going well for me and I took it off.
Hi, I am interested in trying out the NSS feature for my own build. I have a specific firmware setup I like to continue using. I was able to adapt the related NSS patches from @ACwifidude repository into my 21.02 branch. I have some question I hope the community can help me out.
- Is it possible to enable just the NSS features/modules without enabling all kernel modules via
CONFIG_ALL_KMODS=y, without theCONFIG_ALL_KMODSsetting, the below module doesn't show up as an option. - Is it possible to compile
kmod-qca-nss-ecm-standardand NSS related modules as build-in into the kernel image instead of module? if so, how I can do this?
Thank you in advance for your help.
You should be able to run a make config and select the features you want, or alternatively add them in to the .config file manually. I'm doing something similar to you and my .config has the below (you can probably omit pppoe and crypto unless you specifically need either);
CONFIG_PACKAGE_kmod-qca-nss-crypto=y
CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y
CONFIG_PACKAGE_kmod-qca-nss-gmac=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y
CONFIG_PACKAGE_kmod-qca-nss-ecm-standard=y
CONFIG_PACKAGE_MAC80211_NSS_SUPPORT=y
y means they are compiled in the image whereas m indicates module, although not in the sense I think you mean (It builds the package, but you would have to install it via opkg rather than it being part of the flashed image). I could be totally wrong, but I believe using loadable modules is normal these days, it's certainly being a long time since I remember drivers being included as part of the kernel, so I have no clue how you would do it or whether it's still possible...
Ah, thank you for your reply. I was able to get the kmod-qca-nss-ecm-standard module to show in my final config after running make menuconfig with the below bare minimal config. There must be some other option(s) I have enabled that cause it to not show. Now I just need to find that other option and disable it. 
CONFIG_TARGET_OPTIONS=y
CONFIG_TARGET_ipq806x=y
CONFIG_TARGET_ipq806x_generic=y
CONFIG_TARGET_SUBTARGET="generic"
CONFIG_TARGET_BOARD="ipq806x"
CONFIG_TARGET_ipq806x_generic_DEVICE_netgear_r7800=y
CONFIG_PACKAGE_kmod-ath10k-ct=y
CONFIG_PACKAGE_ath10k-firmware-qca9984-ct=n
CONFIG_PACKAGE_ath10k-firmware-qca9984-ct-htt=y
CONFIG_PACKAGE_kmod-qca-nss-crypto=y
CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y
CONFIG_PACKAGE_kmod-qca-nss-gmac=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y
CONFIG_PACKAGE_kmod-qca-nss-ecm-standard=y
CONFIG_PACKAGE_MAC80211_NSS_SUPPORT=y
Found the 2 extra option that's causing the kmod-qca-nss-ecm-standard module not selected.
CONFIG_PACKAGE_ppp=n
CONFIG_PACKAGE_ppp-mod-pppoe=n
I do not have a need for ppp functionality so I have ppp disabled on my images. I also try setting CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=n with the above 2 options, still the kmod-qca-nss-ecm-standard did not get enabled in the final config. Any idea why we need ppp if we don't need any ppp functionality?
This one
It looks like ECM selects the PPP related packages and from what I can see, pppoe and ppp_generic kmods are used by the ecm kmod. Like you, I'm not using ppp and I suspect it's just how it's being written, i.e. ecm is linked to ppp because it might need to accelerate ppp traffic...
I don't know if you've managed to your build working yet, but there are a number of packages selected by ecm, if they aren't enabled in your build, it may be why they aren't showing up...
Selects: PACKAGE_kmod-qca-nss-drv [=y] && PACKAGE_kmod-ipt-conntrack [=y] && PACKAGE_kmod-qca-nss-drv [=y] && PACKAGE_kmod-qca-nss-drv [=y] && \ │
│ PACKAGE_kmod-qca-nss-drv [=y] && PACKAGE_kmod-ipsec [=y] && PACKAGE_kmod-qca-nss-drv [=y] && PACKAGE_kmod-qca-nss-drv [=y] && PACKAGE_kmod-pppoe [=y] & │
│ PACKAGE_kmod-qca-nss-drv [=y] && PACKAGE_kmod-qca-nss-drv [=y] && PACKAGE_kmod-qca-nss-drv [=y] && PACKAGE_kmod-qca-nss-drv [=y] && \ │
│ PACKAGE_iptables-mod-extra [=y]
Thanks.
I edited the eax500.dtsi and tried to use the diffconfig and modified it.
Now my own build works.
kmod-qca-nss-ecm-standard is behind kmod-ppp.
When selecting kmod-ppp and kmod-qca-nss-ecm-standard it will automatically select also kmod-pppoe and kmod-pppox.
So whether you use ppp or not (like me), you will still need to select it.
Manually patching .config may cause some dependency issues, so I'd recommend use make menuconfig to select what is needed as it will automatically include dependencies.
Otherwise NSS with 5.10 kernel has been running just fine ever since it was made available;
root@R7800:~# uname -a && uptime && opkg list-installed |grep kmod-qca
Linux R7800 5.10.82 #0 SMP Sun Dec 12 07:34:28 2021 armv7l GNU/Linux
18:17:17 up 26 days, 2:09, load average: 0.09, 0.04, 0.00
kmod-qca-nss-drv - 5.10.82+809a00de-2
kmod-qca-nss-ecm-standard - 5.10.82+9228212b-1
kmod-qca-nss-gmac - 5.10.82+9b74deef-1
Thank you all for your help and support. @noblem yes, I was able to successfully compiled my own version of the firmware. I haven't got a chance to test it out yet as the r7800 is my main router. I will try this weekend to see how that works out.
@Gram yes, that's how I make my final config as well, I have the bare minimum packages/options to begin with and use make menuconfig to expand to the full final config. My initial problem was that I have explicitly set the below in my bare-minimum config to start with since I never have a need for it until now.
CONFIG_PACKAGE_ppp=n
CONFIG_PACKAGE_ppp-mod-pppoe=n
I personally think that all the firmware of this router with NSS has a problem with the LAN part and the UDP traffic. Another curious thing, for example, in this case the PUGB game for PC, the audio (voice chat) does not work with r7800 NSS, on the other hand with 1043v2 it works perfectly, simply by changing the router. There is something in the NSS controller that the traffic is not routed correctly. It works fine, but I find myself with many problems, although it seems that I am one of the few that has them, which is rare. Through wifi everything seems to work better (for example the dynamic dns that point to LAN work), I don't understand why either, since the wifi traffic also seems to be accelerated by NSS.
sorry for the sermon
NOTE: with kernel 5.10, the PUBG game enters the game, but does not receive any data from the server, the network debugging information remains at zero, it is quite rare, and I stopped testing 5.10.
Hi,
here the problem I have since yesterday to build the 5.10 master NSS, don't know why I changed nothing from @ACwifidude repo.
Collected errors:
* pkg_hash_check_unresolved: cannot find dependency uci-firewall for luci-app-firewall
* pkg_hash_fetch_best_installation_candidate: Packages for luci-app-firewall found, but incompatible with the architectures configured
* satisfy_dependencies_for: Cannot satisfy the following dependencies for luci:
* uci-firewall
* opkg_install_cmd: Cannot install package luci.
I hate to keep speaking up - but saying "all firmware of this router with NSS has a problem" simply is not accurate. Using the latest 21.02 STABLE build, I find this to be a set-and-forget firmware for the various devices I maintain. All the devices I support pass plenty of UDP traffic over my LAN ports daily and without fail. In 99% of cases like yours, I find the issue to be config related... either with the specific application being used, or with the OpenWRT config itself. You even admitted as such when you said "although it seems that I am one of the few that has them (problems)". R7800's are also know to have flash memory issues from time-to-time... perhaps that may be playing a role for you? Have you tried stock OpenWRT to see if it resolves? Have you double/triple checked your firewall configs & port forwards (if needed)?
@ACwifidude and his peers work extremely hard to maintain this build and further develop NSS support. We should all be very THANKFUL and GRATEFUL for their work. I believe that reporting specific bugs & providing feedback is always valuable... but to simply label the entire build as "a problem" is neither accurate in this case, nor helpful. I do not mean to sound offensive... but rather redirect you (and anyone else reading) to a more constructive feedback approach. 
I also believe everyone that uses this (and other community builds) should take a moment from time-to-time to express gratitude for the work the developers & maintainers put in. They do things that many of us do not have the skill set or knowledge base to do - and for that we all owe them a bit of gratitude.
6 Likes
at no point was it an attack on the developers, they do a lot, everything. not a bad interpreter.
I probably value the work they do, and it is not a criticism of them, in fact, they can touch little or nothing of the nss driver, I know. I only explained what I think, that something should not go well, at least in my configuration, although little by little I have managed to make it work better.
I find myself with "problems", and hopefully it was not like that. Not using NSS firmwares solve those problems, but it is not my idea in principle. If I can pass you some configuration and you can debug it to see if you see something, I am grateful.
Don't get it wrong, great router, and great community, and many thanks to the developers, but it seems to me that something is missing from the firmware that causes it to fail sometimes and in specific situations, it is just that.
Would love to have that fix!
Seems after disabling HW/SF flow offloading no more reboots (yet) 2,5 days working rock solid 
and yes UDP traffic works nice @xeonpj
1 Like
hi, using openwrt-21.02-nss-qsdk11.0 build, have enabled sqm and it works fine. when i try to add some filters for class, say nsshtb, im getting below error. arent filters supported on the nssifb interface? pls help
tc filter add dev nssifb protocol ip parent 1: prio 1 u32 match ip dst 192.168.1.2/32 flowid 1:1
RTNETLINK answers: Not supported
We have an error talking to the kernel
I am sad to report that my first attempt on NSS using openwrt-21.02-nss-qsdk11.0 patches didn't yield good results. My WiFi is completely busted, non of them are starting up after reboot. Below is what's shown in the log when trying to restart with wifi down && wifi up
Sat Jan 8 12:26:21 2022 daemon.notice netifd: radio0 (23576): WARNING: Variable 'data' does not exist or is not an array/object
Sat Jan 8 12:26:21 2022 daemon.notice netifd: radio0 (23576): Bug: PHY is undefined for device 'radio0'
Sat Jan 8 12:26:21 2022 daemon.notice netifd: Wireless device 'radio0' is now down
Sat Jan 8 12:26:21 2022 daemon.notice netifd: radio1 (23577): WARNING: Variable 'data' does not exist or is not an array/object
Sat Jan 8 12:26:21 2022 daemon.notice netifd: radio1 (23577): Bug: PHY is undefined for device 'radio1'
Sat Jan 8 12:26:21 2022 daemon.notice netifd: Wireless device 'radio1' is now down
This is what my radio0 and radio1 look like in the config.
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option country 'US'
option beacon_int '101'
option cell_density '0'
option channel '157'
option htmode 'VHT40'
option txpower '29'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option country 'US'
option beacon_int '103'
option cell_density '0'
option htmode 'HT40'
option channel 'auto'
I thought it might have some incompatible options in my config, so I remove all the wireless AP settings and try just creating a new one. That didn't seem to help, this is what I get from the UI when trying to create a new AP.
Everything else seems to be working. i.e. LAN and WAN.
Unfortunately, this is my main router and I can't be out of WiFi for an extended time. I might just try the FW provided by @ACwifidude if I can't figure out what's wrong to see how much more speed I can get out of my connection compare to what I am getting without NSS.
I am getting close to max (600 Mbps) speed from a MacBook Pro connected directly to the modem.
and this is what I get with my working FW without NSS.
