doveki
2457
Please don't random quote posts or @anyone in threads.
If you find a problem you can report it instead of random quotes and @anyone
asvio
2458
I'm using this patch (well, not exactly the same, but as part of another) and I do not have any problem.
It's true there is a problem but not with this patch, and the 6.x wifi branch included on @qosmio repository is working as it should
2 Likes
So it's more like "a version of dnsmasq that applies DNS blocklists and has a UI that is streamlined for setting up what should be blocked"?
Assuming this is more-or-less correct (which might not be the case...again, I haven't used Adguard Home myself), I guess you could set up Adguard Home to use a local unbound instance as its only "upstream" resolver and still get the security and privacy benefits that a personal recursive DNS resolver brings.
That said, I'd still tend to think that you'll get better performance with unbound + adblock than with Adguard Home + unbound. This is largely because unbound is handling everything (adblock configures the blocklist in unbound's config and then restarts unbound and exits, letting unbound do the actual blocking). I can't imagine that adding a "middleman" that:
- intercepts DNS queries
- checks its own blocklist
- communicates with unbound (with no blocklist) to resolve the query and
- replies to the device that made the DNS query
would be faster than just communicating with unbound directly and letting it use its own (adblock-configured) blocklist to decide whether or not to resolve the query.
cjom
2460
I don't know why you got the idea that I am using unbound, but I don't even have dnsmasq or odhcp compiled; I am using adguardhome alone to deal with DHCP and DNS.
But I also have to add that I never used unbound (I did not even know about it) so I have absolutely no way to compare the experience.
I do believe it might be lighter the combination of adblock+unbound as I did mention that adguardhome is memory hungry, but I also use pbr to route some sites and devices out of VPN and it supports adguardhome (through ipset, unfortunately).
I have all set with adguardhome, but I still might look deeper into unbound, might be worth if it supports what I need.
Sorry, I was really talking in general terms, I really didn't mean "you" specifically....I probably should have used the word "someone" instead of the word "you".
So it serves as a replacement for dnsmasq and fulfills the same "DNS forwarder + DHCP" role. This is what I had thought.
I'd say it is worth looking into. Personally I really like unbound...It's basically a lightweight DNS server that supports recursive lookups, caching, pre-fetching, DNSSEC, etc. and is overall focused on security and performance.
For those with an AX3600 who do not want the QCA9887 Aiot radio compiled into the build:
In your .config file, make the following adjustments:
```
# Disable QCA9887 radio
CONFIG_PACKAGE_ath10k-firmware-qca9887-ct=n
CONFIG_PACKAGE_kmod-ath10k-ct-smallbuffers=n
# CONFIG_PACKAGE_MAC80211_NSS_REDIRECT is not set
```
@qosmio - if you have a working SQM configuration, would you mind posting your /etc/config/sqm?
Using the configuration shown below I'm getting some...weird behavior. I've never set up SQM before though, so I'm really hoping that I've just configured something wrong.
```
# should this be `config queue 'wan'` ???
config queue 'eth1'
	option enabled '1'
	option interface 'wan'
	option download '960000'
	option upload '500000'
	option qdisc 'fq_codel'
	option script 'nss-zk.qos'
	option linklayer 'ethernet'
	option debug_logging '0'
	option verbosity '6'
	option overhead '44'
	option linklayer_advanced '1'
	option tcMTU '2047'
	option tcTSIZE '128'
	option tcMPU '88'
	option linklayer_adaptation_mechanism 'default'
```
NOTE: internet connection is 1000/500 mbps fiber. I don't really need SQM for this connection, since saturating my download link only increases latency from 20 ms to 40-50 ms, but I figure since I can actually do it now (yay NSS!) I might as well try it out.
The "weirdness" I'm seeing is...well....weird.
When SQM is not currently running and I enable it (set enabled '1' in uci config and run service sqm start) it enables and seems to work - running speedtest-netperf.sh my download speed drops to ~860 mbps (vs ~910 mbps without sqm) but latency only increases by a maximum of ~1-2 ms instead of 20-30 ms. BUT, there is a constant ~25% load on all 4 CPUs. This load remains even when the network is idle and no one is using it for anything (meaning no traffic going through the router). Based on how good the performance is and since the load is independent of how much traffic there is, I think that NSS is actually handling SQM here, but something not related to how much traffic the router is processing is fully using up 1 CPU core and just getting quickly passed around between cores.
If I enable the sqm service and reboot, there is something that is perpetually restarting the sqm service at least once a second. Weirdly, stopping+disabling the sqm service doesn't stop this from happening (unless I reboot). Setting enabled '0' in the uci config stops it, but if I then set enabled '1' it starts back up immediately, so I don't think that it actually was ever actually stopped, it just had no effect (other than wasting CPU cycles) with sqm not enabled by UCI.
=n is not the ideal/standard way to disable something, that's why I suggest use "# ... is not set"
ref: here
eww
2466
Thank you. I forgot your hack 
1 Like
Those are built by default when ax3600 is selected, so if not set to =n .. it gets included.
I happen to run into the same "issue" here, and managed to narrow down a bit:
- what breaks -- an ECM loading error is shown in the log
```
Thu Apr 25 12:09:53 2024 daemon.notice procd: /etc/rc.d/S26qca-nss-ecm: Failed to find ecm. Maybe it is a built in module ?
Thu Apr 25 12:09:53 2024 daemon.notice procd: /etc/rc.d/S26qca-nss-ecm: /etc/rc.common: line 73: can't create /sys/kernel/debug/ecm/ecm_classifier_default/accel_delay_pkts: nonexistent directory
Thu Apr 25 12:09:53 2024 daemon.notice procd: /etc/rc.d/S26qca-nss-ecm: /etc/rc.common: line 81: can't create /sys/kernel/debug/ecm/ecm_db/defunct_all: nonexistent directory
Thu Apr 25 12:09:53 2024 daemon.notice procd: /etc/rc.d/S26qca-nss-ecm: net.bridge.bridge-nf-call-arptables = 0
Thu Apr 25 12:09:53 2024 daemon.notice procd: /etc/rc.d/S26qca-nss-ecm: net.bridge.bridge-nf-call-iptables = 0
Thu Apr 25 12:09:53 2024 daemon.notice procd: /etc/rc.d/S26qca-nss-ecm: net.bridge.bridge-nf-call-ip6tables = 0
...
Thu Apr 25 12:09:59 2024 daemon.notice procd: /etc/rc.d/S71qca-nss-pbuf: Failed to find ecm. Maybe it is a built in module ?
Thu Apr 25 12:09:59 2024 daemon.notice procd: /etc/rc.d/S71qca-nss-pbuf: /etc/rc.common: line 73: can't create /sys/kernel/debug/ecm/ecm_classifier_default/accel_delay_pkts: nonexistent directory
Thu Apr 25 12:09:59 2024 daemon.notice procd: /etc/rc.d/S71qca-nss-pbuf: /etc/rc.common: line 81: can't create /sys/kernel/debug/ecm/ecm_db/defunct_all: nonexistent directory
Thu Apr 25 12:09:59 2024 daemon.notice procd: /etc/rc.d/S71qca-nss-pbuf: net.bridge.bridge-nf-call-arptables = 0
Thu Apr 25 12:09:59 2024 daemon.notice procd: /etc/rc.d/S71qca-nss-pbuf: net.bridge.bridge-nf-call-iptables = 0
Thu Apr 25 12:09:59 2024 daemon.notice procd: /etc/rc.d/S71qca-nss-pbuf: net.bridge.bridge-nf-call-ip6tables = 0
```
Further investigation shows that insmod ecm reports an error, while modinfo ecm is good:
```
root@AX6:~# modinfo ecm
filename:       /lib/modules/6.6.28/ecm.ko
license:        Dual BSD/GPL
depends:        qca-nss-drv,nf_conntrack,qca-mcs,bonding,vxlan,ppp_generic,l2tp_ppp,pptp,pppoe,nat46
name:           ecm
vermagic:       6.6.28 SMP mod_unload aarch64
parm:           front_end_selection (int)
root@AX6:~# insmod ecm
Failed to find ecm. Maybe it is a built in module ?
```
- when it breaks: this commit is known working, so something is happening between it and now.
```
root@AX6:~# modinfo ecm
filename:       /lib/modules/6.6.27/ecm.ko
license:        Dual BSD/GPL
depends:        qca-nss-drv,nf_conntrack,qca-mcs,bonding,vxlan,ppp_generic,l2tp_ppp,pptp,pppoe,nat46
name:           ecm
vermagic:       6.6.27 SMP mod_unload aarch64
parm:           front_end_selection (int)
root@AX6:~# insmod ecm
module is already loaded - ecm
```
BTW: the kernel was also bumped from 6.6.27 to 6.6.28 in this time frame.
Please let me know if you need any information.
3 Likes
asvio
2469
Although you mention that you are using uci, I think that at some point you are using the luci web interface for sqm to modify and save data.
I say this because there is a problem in luci-sqm that when you save data what you mention about cpu usage happens.
This occurs even in the snapshot-openwrt build and it is not related to nss.
If you don't use luci you shouldn't have the problem you describe, at least I don't.
I don't know how long this problem with luci has been present but I can say that it was "recently" given that a month ago it was working correctly.
eww
2470
I don't know why, but using modprobe ecm works, and in /etc/rc.d/S26qca-nss-ecm the load_ecm fn uses insmod
1 Like
qosmio
2471
Appreciate the thorough write up. kmodloader version of insmod doesn't always play nicely with ECM. I will take a look at this later today.
3 Likes
asvio
2472
I can confirm that the problem is generated by this commit
2 Likes
qosmio
2473
Just pushed a fix to resolve ECM loading issue
commit 3ffec2d091c9e1e69997688c853355b530af65d1 (HEAD -> NSS-12.4-K6.x, origin/NSS-12.4-K6.x, origin/HEAD)
Author: Sean Khan <datapronix@protonmail.com>
AuthorDate: Thu Apr 25 05:17:18 2024 -0400
Commit: Sean Khan <datapronix@protonmail.com>
CommitDate: Thu Apr 25 05:17:18 2024 -0400
nss-ecm: workaround insmod issue
switch to using modprobe vs. insmod as it allows more versatility in dependency loading.
options are now automatically checked and added to /etc/modules.conf
Signed-off-by: Sean Khan <datapronix@protonmail.com>
4 Likes
insmod ecm front_end_selection="$get_front_end_mode" changed to modprobe ecm front_end_selection="$get_front_end_mode" can also run. Is there any difference between the new change and this change?
qosmio
2475
Although it might look like it's working, modprobe (which is a symlink to kmodloader) doesn't properly apply options from the command line.
Example with ath11k and changing frame_mode=2 to frame_mode=1
1.) Removing the module:

2.) Commenting out options to verify it's not being applied from config files.
4.) Verify module is not loaded, then loading the module with modprobe + options. Verify that module is NOW loaded, however, we see it doesn't accept the frame_mode=1 option.
And then with modules.conf set:
2 Likes
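The situation described in the post above (the module loads, but the option given on the command line is not applied) can be checked by comparing /sys/module/<module>/parameters/<name> with the value that was requested. This is an added example, not code from the thread or from the NSS build; the function name check_module_opts and the SYSFS_ROOT variable are hypothetical, and it assumes the parameter is exported as readable in sysfs.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a loaded kernel module is
# running with the option values you asked for, by reading sysfs.
# SYSFS_ROOT is an assumption of this example; leave it unset on a router.

# check_module_opts MODULE key=value...
# Prints one line per option. Returns 0 if all match, 1 if any option is
# wrong or cannot be read, 2 if the module has no /sys/module entry.
check_module_opts() {
    mod=$(printf '%s' "$1" | tr '-' '_')   # sysfs names use underscores
    shift
    dir="${SYSFS_ROOT:-}/sys/module/$mod"
    if [ ! -d "$dir" ]; then
        echo "$mod: not loaded"
        return 2
    fi
    rc=0
    for opt in "$@"; do
        key=${opt%%=*}
        want=${opt#*=}
        file="$dir/parameters/$key"
        if [ ! -r "$file" ]; then
            # Parameters declared without read permission never appear here.
            echo "$mod $key: not exported in sysfs, cannot verify"
            rc=1
            continue
        fi
        have=$(cat "$file")
        if [ "$have" = "$want" ]; then
            echo "$mod $key=$have: applied"
        else
            echo "$mod $key=$have: expected $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo tree: module is loaded, but still with frame_mode=2.
demo=$(mktemp -d)
mkdir -p "$demo/sys/module/ath11k/parameters"
echo 2 > "$demo/sys/module/ath11k/parameters/frame_mode"
SYSFS_ROOT=$demo
check_module_opts ath11k frame_mode=1 || echo "check failed with status $?"
SYSFS_ROOT=
rm -rf "$demo"
```

On a device, run it after the init script has loaded the module, for example `check_module_opts ath11k frame_mode=1`, and treat a non-zero status as the option not having taken effect.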
One really strange (maybe not) coincidence.
@qosmio You remember that I wrote about nlbwmon not working for me a while ago.
I installed a new firmware version (with ECM issue) today before your last commit that fixed it (You were really fast).
Strange or not nlbwmon was working on it. I found this out suddenly.
A few minutes ago I flashed fixed version. ECM works but nlbwmon is dead again.
On the fixed ecm version I've tried rmmod ecm without reboot to see if nlbwmon will start working, but it didn't.
Do you have any suggestion?
2 Likes