Qualcommax NSS Build

AgustinLorenzo · 2024-05-06T17:14:47.750Z

Sorry if it bothers you, I was going to rebase again on my repo and I see that you are rebasing the entire branch in your repo, if you want to let me know when you finish and I can redo and retest.

qosmio:

actually, disabling just GRO should be sufficient. If I recall, GSO was only disabled on the physical WAN and LAN port in QSDK's boost_performance.sh.

For reference I'm able to max out my line speed over WiFi.

Do you think we should apply this by default?

qosmio:

I just didn't include support as it's not recommended to use the ct (Candela Tech) version due to poor performance plus it uses firmware that hasn't been updated in 4 years.

Either way, the IoT radio on the AX3600 is pretty crippled. Many folks on here don't even compile support for it. You're better off using the 2Ghz from the primary radio.

for the next version I think I will switch to non-ct driver to check the performance.

In my case the WiFi IoT is for when I test channels with the main network, it always gives the best results on channel 40-44 at 160 MHz.

Regards, Agustin

qosmio · 2024-05-06T17:54:00.067Z

AgustinLorenzo:

Sorry if it bothers you, I was going to rebase again on my repo and I see that you are rebasing the entire branch in your repo, if you want to let me know when you finish and I can redo and retest.

I finally got a round to rebasing some ~180 commits over the weekend. So many ugly merge commits (my own doing...). But a lot cleaner now, and I dropped a lot old commits that weren't needed explicitly for proper NSS (dnsmasq, flow offload scripts, anything outside of target/linux, package/kernel).

Was going to ask everyone if they could test building from there. If it works out well, I'll rename that branch as the primary qualcommax-6.x-nss-wifi

AgustinLorenzo:

Do you think we should apply this by default?

So, after testing over 4 days with 6.6.30 with (ecm.general.disable_gro='1'), I decided to reset it to '0' to see if my socket problem returned, and within a few hours everything locked up again. I couldn't call out to any external resolvers, or even locally. This was directly on the router. I could still resolve from clients if I specified a server directly (1.1.1.1).

I don't know if it's a combination of unbound + NSS + GRO, or just GRO + NSS. I haven't seen anyone else reporting it. @rmandrad , @jkool702 I know you both use unbound in your setup, curious if you've ran into this issue.

Either way, I think it's probably best to (ecm.general.disable_gro='1') for NSS focused builds.

Side note, the issue regarding enabling the bridge filtering options net.bridge.bridge-nf-call-* I found out was not really an issue, and in fact should not be enabled for nftables based builds since it competes with iptables. Which uses br_filter which has

The net.bridge.bridge-nf-call-* option simply enabling allowing iptables to accept bridge filtering rules, which it then passes onto kernel netfilter. nftables doesn't need the option to be explicitly set. That means fewer options need to be managed for ECM to function.

JuliusBairaktaris · 2024-05-06T17:58:42.664Z

Building now: https://github.com/JuliusBairaktaris/Qualcommax_NSS_Builder/actions/runs/8973508672

Edit: Failed @qosmio

My action workflow will track rebase-qualcommax-6.x-nss-wifi so you can have a reference if it builds.

Edit 2: Everything is working! It was just some build shenanigans that caused it to fail

asvio · 2024-05-06T19:40:06.682Z

qosmio:

Was going to ask everyone if they could test building from there

I have clone your rebase branch, I also add my commits for fan and leds support for NBG7815 and compile it without problem. Now running on device.

I'll inform if there is any problem.

jackyaway · 2024-05-06T20:19:02.458Z

Hi! I made a build this morning but the wan doesn't connect. I don't know why, there are no errors in system and kernel logs. Then i flashed the previous build (without 12.5 qssdk) and all is fine.
Now i try to build from your @qosmio rebase branch to see if it will connect the wan.

@asvio is it working all fine at your nbg7815?

asvio · 2024-05-06T20:52:14.335Z

jackyaway:

is it working all fine at your nbg7815?

No problem for me with 12.5 until i flash to the new rebase branch. It has been almost 48h working fine.

qosmio · 2024-05-06T20:55:47.352Z

Did you do a sysupgrade, or fresh install?

UPDATE: @asvio , could you expand on the problem you're having? Failed to boot? Or something else?

asvio:

I also add my commits for fan and leds support for NBG7815

Is that something that should be upstreamed? I feel like it'd be good since you're adding support for missing hardware, especially LED/fan related PRs which is easier to get approved than NSS changes.

asvio · 2024-05-06T21:07:56.934Z

I do a sysupgrade

linchpin81 · 2024-05-06T22:05:40.609Z

qosmio:

Is that something that should be upstreamed? I feel like it'd be good since you're adding support for missing hardware, especially LED/fan related PRs which is easier to get approved than NSS changes.

From a regular, inexperienced user perspective both thumbs up for it. I always stick to @asvio repo, because his LEDs and fans support commits make our nbg7815 feel like a normal, "complete" router experience (minus 160mhz support unfortunately). He also provides basic config, which makes compiling a breeze and offload works flawlessly. I am too inexperienced to add this support to other Devs repos and ultimately give them a try.

asvio · 2024-05-06T22:30:25.283Z

qosmio:

UPDATE: @asvio , could you expand on the problem you're having? Failed to boot? Or something else?

I think there was a problem with what I wanted to say. (language problems).
the new branch is working correctly.

qosmio:

Is that something that should be upstreamed?

LEDs support is more a cosmetic problem. This device has a relative big multiintensity multileds that can be annoying. There is firmware for the leds controller but it is not upstreamed. I've been updating the firmware to be used for 6.x kernels.

The fan support is another history. NBG7815 can easy reach 80°C on wifi, aqr113c and cpu chip with 25°C RT. So fan it a must to have if someone want to use this device seriously. NSS support also up temp 2-3°C.

I am using an implementation for the fan that surely would not be accepted upstream, but that allows me more freedom to control the device temperature.

sppmaster · 2024-05-07T08:14:23.394Z

qosmio:

Is that something that should be upstreamed?

Both PRs - kernel: qca-ssdk: update to 12.5 for kernel 6.6
and
kernel: qca-nss-dp: update to 12.5.r2 for kernel 6.6
were merged to main.
I have compiled both two days ago with kernel 6.6.30 (now in main too) and running with all of them was OK.

qosmio:

Was going to ask everyone if they could test building from there. If it works out well, I'll rename that branch as the primary qualcommax-6.x-nss-wifi

Just finished compiling from your new rebase-qualcommax-6.x-nss-wifi branch then sysupgraded keeping the settings. On top of it I've added qca-nss-dp: update to 12.5.r2 for kernel 6.6 and Mold 2.31. Runs OK.

The only negative experience is that this stupid error during compiling returned again. I had the same on ipq806x.

Ipq806x NSS build (Netgear R7800 / TP-Link C2600 / Linksys EA8500)

One thing that probably went unnoticed with the build configuration.
I experience the following at least on my build system.
I use your diffconfig as a base with slight modifications to suit my needs.
I get this error while compiling 23.05 build.

 make[3] -C package/libs/ustream-ssl compile
ERROR: package/libs/ustream-ssl failed to build (build variant: mbedtls).

Looking at config options I saw that openssl is used everywhere except for the libcurl that was set to use mbedtls variant. I don't want to mix both mbedtls and openssl that's why I selected libcurl to use openssl too.

image903×472 74.6 KB

But building failed with above message.
I suppose this is a dependency issue.
To workaround this I first compile using mbedtls variant and once it builds successfully I go to menuconfig and choose lubcurl open-ssl variant and then I can deselect mbedtls and this way have only openssl.
Sometimes curl package also fails to build probably because it selects the libcurl as a dependency module.
This is the error when trying to compile curl with lubcurl openssl variant.

make[3]: Entering directory '/home/debian/openwrt/feeds/packages/net/bind'
make[3]: Nothing to be done for 'compile'.
make[3]: Leaving directory '/home/debian/openwrt/feeds/packages/net/bind'
time: package/feeds/packages/bind/compile#0.11#0.10#0.19
make[3]: Entering directory '/home/debian/openwrt/feeds/packages/libs/nghttp2'
mkdir -p /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/root-ipq806x/stamp
echo '14' | cmp -s - /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/pkginfo/libnghttp2.version || { echo '14' > /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/pkginfo/libnghttp2.version;  } 
SHELL= flock /home/debian/openwrt/tmp/.root-copy.flock -c 'cp -fpR /home/debian/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/nghttp2-1.57.0/.pkgdir/libnghttp2/. /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/root-ipq806x/'
touch /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/root-ipq806x/stamp/.libnghttp2_installed
echo "libnghttp2" >> /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/pkginfo/nghttp2.default.install
make[3]: Leaving directory '/home/debian/openwrt/feeds/packages/libs/nghttp2'
time: package/feeds/packages/nghttp2/compile#0.16#0.14#0.26
make[3]: Entering directory '/home/debian/openwrt/feeds/packages/net/curl'
mkdir -p /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/root-ipq806x/stamp
echo '4' | cmp -s - /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/pkginfo/libcurl.version || { echo '4' > /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/pkginfo/libcurl.version;  } 
SHELL= flock /home/debian/openwrt/tmp/.root-copy.flock -c 'cp -fpR /home/debian/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/curl-8.7.1/.pkgdir/libcurl/. /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/root-ipq806x/'
touch /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/root-ipq806x/stamp/.libcurl_installed
mkdir -p /home/debian/openwrt/bin/targets/ipq806x/generic/packages /home/debian/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/curl-8.7.1/ipkg-arm_cortex-a15_neon-vfpv4/libcurl/CONTROL /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/pkginfo
install -d -m0755 /home/debian/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/curl-8.7.1/ipkg-arm_cortex-a15_neon-vfpv4/libcurl/usr/lib
cp -fpR /home/debian/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/curl-8.7.1/ipkg-install/usr/lib/libcurl.so.* /home/debian/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/curl-8.7.1/ipkg-arm_cortex-a15_neon-vfpv4/libcurl/usr/lib/
find /home/debian/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/curl-8.7.1/ipkg-arm_cortex-a15_neon-vfpv4/libcurl -name 'CVS' -o -name '.svn' -o -name '.#*' -o -name '*~'| xargs -r rm -rf
Package libcurl is missing dependencies for the following libraries:
libmbedcrypto.so.7
libmbedtls.so.14
libmbedx509.so.1
make[3]: *** [Makefile:198: /home/debian/openwrt/bin/packages/arm_cortex-a15_neon-vfpv4/packages/libcurl4_8.7.1-r1_arm_cortex-a15_neon-vfpv4.ipk] Error 1
make[3]: Leaving directory '/home/debian/openwrt/feeds/packages/net/curl'
time: package/feeds/packages/curl/compile#0.22#0.20#0.35
    ERROR: package/feeds/packages/curl failed to build.
make[2]: *** [package/Makefile:129: package/feeds/packages/curl/compile] Error 1
make[2]: Leaving directory '/home/debian/openwrt'
make[1]: *** [package/Makefile:123: /home/debian/openwrt/staging_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/debian/openwrt'
make: *** [/home/debian/openwrt/include/toplevel.mk:232: world] Error 2

Can you do something about this?

Edit - Making distclean and compiling again helped to get rid of the error.

Package libcurl is missing dependencies for the following libraries:
libmbedcrypto.so.7
libmbedtls.so.14
libmbedx509.so.1

Now everything is based on OpenSSL and I got rid of mbedtls completely.

root@R7800:~# opkg info libcurl4
Package: libcurl4
Version: 8.7.1-r1
Depends: libc, libopenssl3, libnghttp2-14, ca-bundle

Now trying to compile after distclean to see if I can get rid of this build error again.
While waiting the QNAP is running with libcurl mbedtls variant that compiled with no errors.

root@QNAP:~# opkg info libcurl4
Package: libcurl4
Version: 8.7.1-r2
Depends: libc, libmbedtls21, libpthread, libnghttp2-14, ca-bundle
Provides: libcurl
Status: install ok installed
Section: libs
Architecture: aarch64_cortex-a53
Size: 209585
Filename: libcurl4_8.7.1-r2_aarch64_cortex-a53.ipk
Description: A client-side URL transfer library
Installed-Time: 1715080703

anom3 · 2024-05-07T11:36:49.238Z

posting this here although it may or may not be related to the nss bits in this build but:

my structure on each of these is basically:

2.4 ssid 0 - hidden, just for my iot
2.4 ssid 1 - visible for 2.4g 'real' clients
5.8 ssid 0 - visible for 5.8g 'real' clients

for what ever reason, i have noticed some bridging issues on the 2.4 hidden ssid.

generally speaking, it works fine, but some arp requests would not answer.

when i moved it to position 2, so like this:

2.4 ssid 0 - visible for 2.4g 'real' clients
2.4 ssid 1 - hidden, just for my iot

this behavior stopped.

i was able to replicate this multiple times, multiple reboots on multiple clients.

what do i mean by bridging issues? well... the devices in question would be able to route to the outside world np. eg: they had wan access. but when i tried to ping / connect / etc to them using my lan (so lan to lan), the arp requests would not get forwarded to the requesting client. so the device attempting to connect to the device on the hidden ssid had no clue how to get to the device let alone for traffic to flow. here is a better example of when it was an issue:

client 1 -> wire -> 301w -> 2.4 hidden ssid -> client 2

when client 1 sent the who has arp requersts before actually trying to flow traffic, client 2 would answer, but the 301w would not pass the arp response back to client 1.

this also happened in the following situation:

client 1 -> 5.8 visible ssid -> 301w -> 2.4 hidden ssid -> client 2

as previously mentioned, as soon as i moved the hidden ssid the 2nd ssid on the 2.4g band this stopped. all works as expected.

last but not least disabling the hidden flag on the ssid also fixed it, but i want to keep my iot ssid hidden so i opted to use this solution.

a bit of a quirk, just posting this here in case anyone is noticing some bridging issues between the various interfaces on their br-lan bridge.

important note, these devices are in dumb-ap mode. my wan to lan happens 2 floors down where we rarely are. also my iot network is as vanilla as it gets so no 802.11k/v/r etc.

Acehigh · 2024-05-07T17:34:15.560Z

@asvio I am using your build with fan and led support since a month (kernel 6.6.23) and it is pretty stable. I can confirm that the device is getting pretty hot (80 to 90°C). Especially when you plug in a multi gig lan client or having a lot of wifi clients online. The annoying thing with the fan support is that it is only 0 or 1. So on/off with no throttling depending on the temperature. The fan is pretty noisy when running at 100%. Basically it is absolutely making sense to have the fan. With the fan running constanly at 100% than temperature drops to app. 60°C.

asvio · 2024-05-07T19:03:33.085Z

Acehigh:

The annoying thing with the fan support is that it is only 0 or 1

Yes i know, but the fan is not a pwm fan and you can't control its speed.

zerojj · 2024-05-07T23:12:27.776Z

yyyzz123:

ip link add name ifb-wan type ifb
ip link set dev ifb-wan up
tc qdisc add dev wan handle ffff: ingress
tc filter add dev wan parent ffff: protocol all u32 match u32 0 0 action nssmirred redirect dev ifb-wan fromdev wan
tc qdisc add dev ifb-wan root handle 1: nsstbl burst 116886 rate 940Mbit mtu 1518 accel_mode 0
tc qdisc add dev ifb-wan parent 1: handle 10: nssfq_codel limit 7740 flows 1024 quantum 1518 target 5ms interval 100ms set_default accel_mode 0

Hello! Sorry for the stupid question, but where can I find documentation about what might be in the /etc/config/ecm file? I want to enable hardware offload for LAN-WAN and Wi-Fi. And configure SQM (as I understand there is a built-in FQ_Codel), but in this thread there are several instructions, which one is more correct to use? In the quote I quote above, I understand there is only setting for ingress traffic?

qosmio · 2024-05-08T00:15:26.304Z

You shouldn't have to enable any NSS specific setting if you're building from my repo. ON is the default.

The repository contains all NSS kernel patches + feeds.conf.default for required NSS package + NSS SQM scripts.

You can use the frontend to enable SQM.

image1934×1146 193 KB

You can use my base config as a starting point

zerojj · 2024-05-08T02:06:26.055Z

Unfortunately, I use pre-assembled builds that were posted about a week ago in this thread.

I tried to build from your repository several times, but it works only under wrx36, as soon as I change the target to RAX120v2, I get an error when building the kernel.

time: target/linux/install#62.32#5.39#34.45
    ERROR: target/linux failed to build.

The update, without the j parameter (consider j -1), was compiled on the third try. I don’t understand why this happens, but to be honest, this also happens to me when building from the main OpenWrt branch (I mean that the firmware is not assembled the first or second time, you have to try many times)

qosmio · 2024-05-08T02:54:00.783Z

zerojj:

time: target/linux/install#62.32#5.39#34.45
    ERROR: target/linux failed to build.

You have to build with verbose option "V=s" to see the actual error.

make target/linux/install V=s

zek-cmd · 2024-05-08T03:24:11.335Z

Built using @JuliusBairaktaris builder pointing to your rebase repo @qosmio , added custom packages. Working so far 6.6.30 on my ax3600.

qosmio · 2024-05-08T03:25:26.758Z

UPDATE: Renamed current branch to "merge-qualcommax-6.x-nss-wifi" and "rebase-qualcommax-6.x-nss-wifi" is now the default "qualcommax-6.x-nss-wifi" that will be the rebased and current branch going forward. Should be a lot cleaner now.

Also, added NSS support for all ipq807x/ip817x targets.

    * Arcadyan AW1000
    * CMCC RM2-6
    * Linksys MX4200 V1/V2
    * Linksys MX5300
    * Sagemcom Fast 5285 Spectrum SAXV1V1S
    * Yuncore AX880
    * ZBT Z800AX
    * ZTE MF269