IPQ806x NSS Drivers

Do you have this enabled in your config?

Yes, I have the basic modules enabled that @Ansuel mentioned a few posts back.

I feel like wifi performance is much worse but that might be something else, I will revert and test my previous build.

I have those too and in my case they are related to a WDS connection with another AP router. They are harmless as far as I can tell.

Might explain it, I have an "extender" I use as WIFI->LAN bridge.

Anyway, for some reason my port forwards don't work anymore. I can't figure out why.

I also noticed the below and compiling the physdev kmod seems to have improved the wifi speeds.

* Running script '/etc/firewall.d/qca-nss-ecm'
iptables v1.8.4 (legacy): Couldn't load match `physdev':No such file or directory

Make sure you have "iptables-mod-physdev" and "kmod-ipt-physdev" installed. In addition, include these in you startup script:

iptables -D FORWARD -m physdev --physdev-is-bridged -j ACCEPT
iptables -I FORWARD 1 -m physdev --physdev-is-bridged -j ACCEPT

These rules were in a commit in @quarky's NSS repository and I included them in my setup. Just don't know exactly what they do but my system is working as it should.

Mh.. no errors with those commands now.
But local ethernet access can't access local websites,
I can access them when I'm connected to the wifi tho'. :roll_eyes:

Also WIFI seems to have more drops than usual.. so something is flaky.

I uploaded my bin folder here:

sysupgrade loads and router seems to be working fine. It is a clone of @Ansuel repo with no added custom patches. Only added Luci OpenSSL collection + these 8 packages to the default config for anyone that wants to see how the latest NSS build (26 August 2020) works with their setup:


CONFIG_PACKAGE_kmod-nss-ifb=y
CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-gmac=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y
CONFIG_PACKAGE_kmod-qca-nss-ecm-standard=y

CONFIG_PACKAGE_iptables-mod-physdev=y
CONFIG_PACKAGE_kmod-ipt-physdev=y

CONFIG_PACKAGE_irqbalance=y

4 Likes

I did revert back to my main master build. Everything seems to work better, devices dropping out from wifi seems pretty much gone. And firewall/forwarding rules work fine.

After reading the above post I realized I missed the nss-ifb kmod, not sure if that will improve things further for the NSS build, is it needed?

Oh well, sometimes it's hard to focus when you have your loved one telling you to watch the kids and what not. :slight_smile:

Hi @ACwifidude,

For testing nss-drv-qdisc/nss-ifb based on Quarky's instructions below you may need to include tc package to configure those.
CONFIG_PACKAGE_tc=y

I have 1Gb up/down links from ISP and basic dslreport tests using chrome shows;

  1. Without any nss-qdics config:
    image
  • Bufferbloat B
  1. With Quarky's 500Mb ingress/200Mb egress instructions copy/paste to test it is actually shaping down as expected:
    image
  • Bufferbloat A+
  1. Quarky's instructions adjusted to my 1Gb up/down line:
    image
  • Bufferbloat A+
3 Likes

Wow. Shaping a gig is impressive. I haven’t tried SQM yet - I’ll add tc my next go around. :sunglasses:

So the main 2 problem are wifi offload not working correctly (packet dropping) and firewall rules not applying. Did you observed problems with ethernet traffic?

1 Like

I’m seeing similar. No issues with Ethernet traffic.

Yes, SCP to the router was painfully slow (Over ethernet). But speeds over ethernet seemed fine otherwise.

Thats due to busybox, if you use something like openssh-server, you don't have that issue anymore.
(has nothing to do with the platform. i use a seperate ssh-server for my rsync backups as well)

1 Like

How can one confirm if wifi offloading is or is not working properly? Is packet dropping the only indicator?

I ask because I am not seeing any packet dropping and I get excellent throughput as I called out in another recent post, but I believe you indicated that CPU should be near zero. Does that mean that even sirq should be near zero under wifi load?

Thanks for the tip. Added the TC package. Rebuilt off of a clone of the latest @Ansuel repo.

Bin folder here if anyone else wants to try on their r7800:

Added in @quarky egress qdisc script to my /etc/rc.local file.

Latency: I'm far from the DSL reports servers and it is the middle of the day (don't look at the bandwidth). Bufferbloat looks great with SQM on only the upload side: :sunglasses:

Bandwidth: Looks great for a middle of the day random speedtest. Appreciate all the work.

1 Like

At the moment, we cannot achieve 100% NSS offload for WiFi, only partial. If you see non-zero stats from the below command, it means the 'offload' is working:

cat /sys/kernel/debug/qca-nss-drv/stats/virt_if

For now, netfiler (i.e. firewall) tasks are offloaded to NSS to cut down on the routing overhead. This will lower the sirq load seen by the Linux kernel. The WiFi control plane work is still very much done via the mac80211 and ath10k drivers in software, so load imposed on the ipq806x Krait core will still be there.

If anyone has a 3x3 or 4x4 WiFi client, do help to test if we can achieve more than 600Mbps thruput via WiFi. I only have 2x2 clients, so the best I can achieve is around 600Mbps. I believe it can go higher with NSS 'offload'.

Did you monitor the CPU usage of your router while performing the speed test? I believe it should be close to zero CPU usage if test is done via wired LAN clients.

Perhaps but it's faster on my main master build, but the slow SCP issue might be related to something else as well, it might not be related to eth traffic at all since the speed was fine at one point.

@Ansuel The issues i'm having for sure is slow wifi/disconnects and firewall not working when connecting locally using ethernet to forwarded ports, like http and https. Connectng the same way but with a device using wifi works.