Qualcommax NSS Build

That's a great idea, all the modules should be fixed now, at least during my testing. I've added a configure script (borrowed a lot of it from @Qosmio's QSDK11.2 nss-packages), to simplify enabling / disabling them and also to try and prevent reverse / circular dependencies issues like it was the case with ipsecmgr. I am enabling the following stuff on my build, all confirmed to load and work on AX3600:

CONFIG_PACKAGE_kmod-qca-nss-drv=y
CONFIG_PACKAGE_kmod-qca-nss-drv-bridge-mgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-clmapmgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-dtlsmgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-eogremgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-gre=y
# CONFIG_PACKAGE_kmod-qca-nss-drv-ipsecmgr is not set
CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2=y
CONFIG_PACKAGE_kmod-qca-nss-drv-lag-mgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-map-t=y
CONFIG_PACKAGE_kmod-qca-nss-drv-match=y
CONFIG_PACKAGE_kmod-qca-nss-drv-netlink=y
# CONFIG_PACKAGE_kmod-qca-nss-drv-ovpn-link is not set
# CONFIG_PACKAGE_kmod-qca-nss-drv-ovpn-mgr is not set
CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pptp=y
CONFIG_PACKAGE_kmod-qca-nss-drv-pvxlanmgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-tlsmgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-tun6rd=y
CONFIG_PACKAGE_kmod-qca-nss-drv-tunipip6=y
CONFIG_PACKAGE_kmod-qca-nss-drv-vlan-mgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-vxlanmgr=y
CONFIG_PACKAGE_kmod-qca-nss-drv-igs=y
CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc=y

Ah interesting, that's a great find, thanks for the heads-up. I had a feeling that OC patch was way too good to be true, jumping from 1.4GHz to 2.2 seemed unrealistic, I'll remove it with the next openwrt sync.

I have now tested this, after the latest changes. I don't think qdisc was working properly (missing NSS-DRV symbols and hard dependency on qca-nss-drv-igs, both popped up now).

# Enable modules and start virtual interface
/etc/init.d/qca-nss-mirred start
insmod nss-ifb nss_dev_name=wan
ip link set up nssifb

# Shape ingress traffic to 900 Mbit with chained NSSFQ_CODEL
tc qdisc add dev nssifb root handle 1: nsstbl rate 900Mbit burst 1Mb
tc qdisc add dev nssifb parent 1: handle 10: nssfq_codel limit 10240 flows 1024 quantum 1514 target 5ms interval 100ms set_default

# Shape egress traffic to 500 Mbit with chained NSSFQ_CODEL
tc qdisc add dev wan root handle 1: nsstbl rate 500Mbit burst 1Mb
tc qdisc add dev wan parent 1: handle 10: nssfq_codel limit 10240 flows 1024 quantum 1514 target 5ms interval 100ms set_default

It does apply for the WireGuard tunnel interfaces behind the WAN also, from the testing so far. And it has literally obliterated any buffer bloat and random jumping latencies, no performance downgrade visible, so I think it's a win.

It'd be great if anyone interested could try patching sqm-scripts with https://github.com/ricsc/sqm-scripts/commit/c824f6bca679aebc656fdaad8ebec6e11663b665 and the luci-app-sqm package, our ipq806x friends have done most of the hard work. If everything works, I'll add it to the repo afterwards.

5 Likes