Qualcommax NSS Build

ok so I followed every single steps here on building the firmware
this is what I am getting when doing speedtest

image1795×911 90.2 KB

this is my nss_diag

root@OpenWrt:~# nss_diag
     MODEL: Arcadyan AW1000
   OPENWRT: r28017-18df6f3502
IPQ BRANCH: qualcommax-6.x-nss-wifi
IPQ COMMIT: 18df6f3502
  IPQ DATE: 2024-10-21
    NSS FW: NSS.HK.11.4.0.5-6-R
  MAC80211: v6.11.2-0-g7aa21fec187b
 ATH11K FW: WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1
  GRO FRAG: br-lan      : off
            erspan0     : off
            gre0        : off
            gretap0     : off
            lan1        : off
            lan2        : off
            lan3        : off
            lan4        : off
            phy0-ap0    : off
            phy1-ap0    : off
            wan         : off
            wwan0       : off
            wwan0_1     : off

  NSS PKGS: kmod-qca-nss-dp - 6.6.57.2024.04.16~5bf8b91e-r1
            kmod-qca-nss-drv - 6.6.57.11.4.0.5.2021.09.13~53e5863-r15
            kmod-qca-nss-drv-bridge-mgr - 6.6.57.11.4.0.5.2021.08.17~c4049d1-r7
            kmod-qca-nss-drv-igs - 6.6.57.11.4.0.5.2021.08.17~c4049d1-r7
            kmod-qca-nss-drv-qdisc - 6.6.57.11.4.0.5.2021.08.17~c4049d1-r7
            kmod-qca-nss-drv-vlan-mgr - 6.6.57.11.4.0.5.2021.08.17~c4049d1-r7
            kmod-qca-nss-drv-wifi-meshmgr - 6.6.57.11.4.0.5.2021.08.17~c4049d1-r7
            kmod-qca-nss-ecm - 6.6.57.12.5.5.2024.09.02~bd5057b-r3
            nss-firmware-default - 2024.08.04~794fe373-r1
            nss-firmware-ipq8074 - 2024.08.04~794fe373-r1
root@OpenWrt:~#

The NSS patch needs to be updated.

Check nss stats to see if data is being processed.

nss_stats rmnet_rx

Just dropping my 5 pence here:

Is your wan PPPOE? If so you'd need to add kmod-qca-nss-drv-pppoe to the build (it's not there by default).

I had a similar situation recently, where I forgot to add it and my nbg7815 was struggling to achieve line speed and cpu was nearly maxed out.

Probably @qosmio should add it to the excellent readme in optional section and in config-nss.seed or additional NSS packages.

Having trouble successfully flashing builds from the qualcommax-6.x-nss-wifi branch of @qosmio's fork on my two MX4200Cs. Haven't made any changes to build configuration other than enabling my target model (I selected MX4200v1 as it appears to be equivalent). After flashing the sysupgrade image through LuCI the router immediately reboots, and seems to hang - the top LED rapidly flashes green and a reboot after waiting quite a while makes it go to solid blue, but the router is completely unresponsive and doesn't respond to pings in either state. Don't have a serial adapter at the moment so unfortunately I can't provide much info on what is going on.

I was earlier able to flash them with @AgustinLorenzo's pre-built images however was unable to get mesh functionality working, for some reason I can't get the radios to turn on when configured for 802.11s - tried using radio0 and radio2 but it has the same behavior on either. Everything else I tested seemed to be fully functioning otherwise.

It's hard to say what could be failing without console access output. Have you confirmed you can switch back to previous version? Turn the power on and off 4 times, waiting around 3 seconds each in the "off" position.

Yeah I am able to revert back without issue fortunately.

Edit: I evidently glossed over the critical step of flashing a factory image to the alternate kernel partition before going through with any sysupgrades... Mesh setup is now fully working on @qosmio's fork. Thanks for the super helpful example config

Glad to hear! BTW, just pushed an update to the mesh example configs. Should now be fully working in sae-mixed (WPA2/WPA3) mode with fast transition (802.11r).

weirdly in the qnap I am getting reboots if I am doing parallel downloads (for instance if I am doing a build with -j12 ...)
here's the pstore

<4>[52021.039797] Ignoring NSS change in VHT Operating Mode Notification from 96:42:e5:27:ce:3b with invalid nss 2
<4>[52234.124184] Ignoring NSS change in VHT Operating Mode Notification from 96:42:e5:27:ce:3a with invalid nss 2
<1>[82675.645397] Unable to handle kernel execute from non-executable memory at virtual address 0000000000000000
<1>[82675.654328] Mem abort info:
<1>[82675.663780]   ESR = 0x0000000086000005
<1>[82675.666459]   EC = 0x21: IABT (current EL), IL = 32 bits
<1>[82675.670280]   SET = 0, FnV = 0
<1>[82675.675744]   EA = 0, S1PTW = 0
<1>[82675.678609]   FSC = 0x05: level 1 translation fault
<1>[82675.681663] user pgtable: 4k pages, 39-bit VAs, pgdp=000000005d4b2000
<1>[82675.686516] [0000000000000000] pgd=080000005d4b0003, p4d=080000005d4b0003, pud=080000005d4b0003, pmd=0000000000000000
<0>[82675.693123] Internal error: Oops: 0000000086000005 [#1] PREEMPT SMP
<4>[82675.703698] Modules linked in: ecm(O) pppoe ppp_async l2tp_ppp ath11k_ahb(O) ath11k(O) wireguard sch_fq_pie qmi_wwan pptp pppox ppp_mppe ppp_generic nft_fib_inet nf_flow_table_inet mac80211(O) libchacha20poly1305 ipt_REJECT ebtable_nat ebtable_filter ebtable_broute chacha_neon cfg80211(O) xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_socket xt_recent xt_quota xt_policy xt_pkttype xt_physdev xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_iprange xt_hl xt_helper xt_hashlimit xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connlabel xt_connbytes xt_comment xt_cgroup xt_bpf xt_addrtype xt_TCPMSS xt_REDIRECT xt_NFQUEUE xt_NFLOG xt_NETMAP xt_MASQUERADE xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY xt_CHECKSUM xfrm_interface usbnet ums_usbat ums_sddr55 ums_sddr09 ums_karma ums_jumpshot ums_isd200 ums_freecom ums_datafab ums_cypress ums_alauda ts_fsm ts_bm tcp_scalable tcp_bbr slhc sch_skbprio sch_prio sch_pie sch_cake rotary_encoder qrtr_tun qrtr_smd qrtr_mhi qrtr
<4>[82675.704073]  qmi_helpers(O) poly1305_neon nft_xfrm nft_tproxy nft_socket nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject_bridge nft_reject nft_redir nft_quota nft_queue nft_numgen nft_nat nft_meta_bridge nft_masq nft_log nft_limit nft_hash nft_fwd_netdev nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_dup_netdev nft_ct nft_connlimit nft_compat nft_chain_nat nfnetlink_queue nfnetlink_log nf_tproxy_ipv6 nf_tproxy_ipv4 nf_tables nf_socket_ipv6 nf_socket_ipv4 nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_pptp nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat_amanda nf_log_syslog nf_flow_table nf_dup_netdev nf_conntrack_tftp nf_conntrack_snmp nf_conntrack_sip nf_conntrack_sane nf_conntrack_pptp nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp nf_conntrack_broadcast nf_conntrack_bridge ts_kmp nf_conntrack_amanda nf_conncount mhi_pci_generic mhi_net mhi mdio_netlink(O) macvlan libcurve25519_generic libchacha ipvlan iptable_raw iptable_nat
<4>[82675.777754]  iptable_mangle iptable_filter ipt_rpfilter ipt_ah ipt_ECN ip6table_raw ip6t_rpfilter ip_tables ebtables ebt_vlan ebt_stp ebt_redirect ebt_pkttype ebt_mark_m ebt_mark ebt_limit ebt_among ebt_802_3 compat(O) cls_flower cdc_wdm arptable_filter arpt_mangle arp_tables act_vlan fuse sch_teql sch_sfq sch_multiq sch_gred sch_fq sch_codel em_text em_nbyte em_meta em_cmp act_skbmod act_simple act_pedit act_csum libcrc32c em_ipset cls_bpf act_bpf act_connmark sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred act_gact evdev input_core gpio_fan qca_nss_cfi_cryptoapi(O) qca_nss_crypto(O) i2c_gpio i2c_algo_bit qca_nss_wifi_meshmgr(O) qca_nss_vxlanmgr(O) qca_nss_lag_mgr(O) qca_nss_gre(O) qca_nss_bridge_mgr(O) qca_nss_vlan(O) i2c_mux_reg i2c_mux_gpio i2c_mux cryptodev(O) xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip
<4>[82675.866598]  ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ipmac ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink ip6table_nat nf_nat nf_conntrack nf_defrag_ipv4 ip6t_NPT ip6t_rt ip6t_mh ip6t_ipv6header ip6t_hbh ip6t_frag ip6t_eui64 ip6t_ah ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 qca_mcs(O) ksmbd bonding tls ip6_gre ip_gre gre ifb nat46(O) nf_defrag_ipv6 l2tp_ip6 l2tp_ip l2tp_eth ip6_vti ip_vti sit qca_nss_drv(O) l2tp_netlink l2tp_core ipcomp6 xfrm6_tunnel esp6 ah6 xfrm4_tunnel ipcomp esp4 ah4 ipip ip6_tunnel xsk_diag netlink_diag tunnel6 tunnel4 veth tun mpls_iptunnel mpls_router ip_tunnel mpls_gso xfrm_user xfrm_ipcomp af_key xfrm_algo cifs oid_registry nls_ucs2_utils cifs_md4 cifs_arc4 asn1_decoder autofs4 dns_resolver netfs nls_utf8 nls_iso8859_1 nls_cp437 vxlan udp_tunnel ip6_udp_tunnel nsh macsec ecdh_generic ecc xxhash_generic xcbc crypto_user algif_skcipher algif_rng algif_hash algif_aead af_alg sha512_generic sha512_arm64
<4>[82675.956921]  sha2_ce sha256_arm64 sha1_ce seqiv sha3_generic jitterentropy_rng drbg pcbc michael_mic md5 md4 kpp hmac echainiv geniv des_generic cts cmac chacha20poly1305 arc4 uas usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_qcom uhci_hcd ohci_platform ohci_hcd fsl_mph_dr_of ehci_platform ehci_fsl ehci_hcd qca_nss_dp(O) qca_ssdk(O) ramoops reed_solomon pstore gpio_button_hotplug(O) vfat fat f2fs ext4 mbcache jbd2 gpio_cascade mux_gpio mux_core aquantia hwmon crc_ccitt mii crc32c_generic crc32_generic
<4>[82676.091967] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G           O       6.6.58 #0
<4>[82676.114203] Hardware name: QNAP 301w (DT)
<4>[82676.121577] pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
<4>[82676.125487] pc : 0x0
<4>[82676.132249] lr : nf_ct_expect_event_report+0x88/0xb4 [nf_conntrack]
<4>[82676.134688] sp : ffffffc080e038d0
<4>[82676.140670] x29: ffffffc080e038d0 x28: ffffff801d5f8c00 x27: 0000000000000000
<4>[82676.144150] x26: ffffffc07973ab40 x25: ffffffc07973bbb0 x24: ffffff80069d8818
<4>[82676.151269] x23: ffffffc079f74958 x22: 0000000000000000 x21: 0000000000000000
<4>[82676.158387] x20: 0000000000000000 x19: ffffff80069d8798 x18: 0000000000000014
<4>[82676.165505] x17: 000000004f24775d x16: 00000000f8a7a082 x15: 00001fdcc8752ea0
<4>[82676.172623] x14: 00001fdcc8752ea0 x13: 000000000000007a x12: 0000000000000001
<4>[82676.179740] x11: 00000000000f8700 x10: 00000000000f8700 x9 : 0000000000000000
<4>[82676.186858] x8 : ffffffc080e038e8 x7 : 0602acbc0625ebf7 x6 : ffffff803fdc86c8
<4>[82676.193976] x5 : ffffff803fdc7fe8 x4 : ffffff80069d87a8 x3 : 0000000000000000
<4>[82676.201095] x2 : 0000000000000000 x1 : ffffffc080e03910 x0 : 0000000000000001
<4>[82676.208214] Call trace:
<4>[82676.215322]  0x0
<4>[82676.217577]  nf_ct_expect_related_report+0x470/0x60c [nf_conntrack]
<4>[82676.219669]  nf_nat_exp_find_port+0x74/0xc0 [nf_nat]
<4>[82676.225656]  0xffffffc0799570c4
<4>[82676.230860]  0xffffffc079b997b8
<4>[82676.233726]  nf_confirm+0x174/0x2b8 [nf_conntrack]
<4>[82676.236854]  nf_hook_slow+0x48/0xf4
<4>[82676.241711]  ip_output+0xb0/0xe4
<4>[82676.245097]  ip_forward_finish+0x70/0xac
<4>[82676.248570]  ip_forward+0x59c/0x5d4
<4>[82676.252476]  ip_rcv_finish+0x90/0xb0
<4>[82676.255688]  ip_rcv+0xa0/0xd8
<4>[82676.259507]  __netif_receive_skb_one_core+0x48/0x58
<4>[82676.262375]  process_backlog+0xc0/0x1ec
<4>[82676.267059]  __napi_poll+0x38/0x20c
<4>[82676.270878]  net_rx_action+0x134/0x2b0
<4>[82676.274352]  handle_softirqs+0x110/0x35c
<4>[82676.278171]  __do_softirq+0x14/0x20
<4>[82676.282251]  ____do_softirq+0x10/0x1c
<4>[82676.285462]  call_on_irq_stack+0x24/0x4c
<4>[82676.289283]  do_softirq_own_stack+0x1c/0x34
<4>[82676.293275]  irq_exit_rcu+0x90/0xc4
<4>[82676.297181]  el1_interrupt+0x38/0x68
<4>[82676.300655]  el1h_64_irq_handler+0x18/0x24
<4>[82676.304473]  el1h_64_irq+0x68/0x6c
<4>[82676.308379]  default_idle_call+0x6c/0x144
<4>[82676.311764]  do_idle+0x1d4/0x1f4
<4>[82676.315844]  cpu_startup_entry+0x34/0x3c
<4>[82676.319145]  cpu_die_early+0x0/0x8c
<4>[82676.323049]  __secondary_switched+0xb8/0xbc
<0>[82676.326274] Code: ???????? ???????? ???????? ???????? (????????)
<4>[82676.330435] ---[ end trace 0000000000000000 ]---
<3>[82676.351599] pstore: backend (ramoops) writing error (-28)
<0>[82676.351637] Kernel panic - not syncing: Oops: Fatal exception in interrupt
<2>[82676.355980] SMP: stopping secondary CPUs
<0>[82676.362751] Kernel Offset: disabled
<0>[82676.366823] CPU features: 0x0,00000000,00000000,0000400b
<0>[82676.370038] Memory Limit: none

anyone getting similar crashes ?

it seem in result of

[52021.039797] Ignoring NSS change in VHT Operating Mode Notification from  with invalid nss 2
[52234.124184] Ignoring NSS change in VHT Operating Mode Notification from  with invalid nss 2

Hi @qosmio and @AgustinLorenzo,

I keep having problems setting up my vlan configuration on my Linksys MX4200v1.
Right now I have removed all DSA configuration and followed the example in this link https://github.com/qosmio/openwrt-ipq/tree/qualcommax-6.x-nss-wifi/nss-setup/example.

Below is my config:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'MAC_ADRESS::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'wan'
	option igmp_snooping '1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.1'
	option broadcast '192.168.1.255'
	list dns '192.168.1.1'
	option force_link '0'

config device
	option type '8021q'
	option ifname 'wan'
	option vid '99'
	option name 'wan.99'

config device
	option type 'bridge'
	option name 'br-dmz'
	option igmp_snooping '1'
	list ports 'wan.99'

config interface 'DMZ'
	option proto 'none'
	option device 'br-dmz'

And then the wireless configuration:

config wifi-iface 'wifinet4'
	option device 'radio0'
	option mode 'ap'
	option ssid 'HomeDMZ_TMP'
    option network 'br-dmz'
	option encryption 'psk2'
	option key '**********'
	option bss_transition '1'
	option dtim_period '3'

When I tried to connect to the network, I got the following logs:

root@OpenWrt:~# logread -f
Sun Oct 27 08:00:28 2024 daemon.info hostapd: phy0-ap1: STA MAC_ADRESS IEEE 802.11: authenticated
Sun Oct 27 08:00:28 2024 daemon.info hostapd: phy0-ap1: STA MAC_ADRESS IEEE 802.11: associated (aid 1)
Sun Oct 27 08:00:28 2024 daemon.notice hostapd: phy0-ap1: AP-STA-CONNECTED MAC_ADRESS auth_alg=open
Sun Oct 27 08:00:28 2024 daemon.info hostapd: phy0-ap1: STA MAC_ADRESS RADIUS: starting accounting session 349CBDF13C33EED0
Sun Oct 27 08:00:28 2024 daemon.info hostapd: phy0-ap1: STA MAC_ADRESS WPA: pairwise key handshake completed (RSN)
Sun Oct 27 08:00:28 2024 daemon.notice hostapd: phy0-ap1: EAPOL-4WAY-HS-COMPLETED MAC_ADRESS
Sun Oct 27 08:00:29 2024 daemon.notice hostapd: phy0-ap1: BSS-TM-QUERY MAC_ADRESS reason=5(null)
Sun Oct 27 08:00:29 2024 daemon.notice hostapd: phy0-ap1: BSS-TM-RESP MAC_ADRESS status_code=6 bss_termination_delay=0
Sun Oct 27 08:00:46 2024 daemon.notice hostapd: phy0-ap1: AP-STA-DISCONNECTED MAC_ADRESS

Do you know what the problem might be? I have disabled the dnsmasq, firewall and odhcpd services on my dummy AP. And it looks like the dEADkIRK have a similar problem.

Notice: In the LUCI UI it is not possible to add the device config (br-dmz), but yes the network config (DMZ) , but I already tried both options but it does not work.

Best regards,
Paulo

hye,i got an issues for new build nss repo by @qosmio .build clean compile for arcadyan aw1000..after flash no issues,but after i set networrk interface for quectel cellular..modem keep rebooting or kernel panic..hope develpor or other experienced can help me

I have been running 23.05 on my Xiaomi AX3600 so far, but decided to give these NSS builds a try since I use Wireguard and wanted also to setup Adguard. The problem I am facing with the NSS builds is that WiFi clients do not get an IP address. I have already started from scratch, by performing a fatory reset. Any idea what could be wrong here? Is there anyone with Xiaomi AX3600 running @AgustinLorenzo's builds?

The first two are unrelated to the panic. It occurred around
14h and 27m after boot, while the panic occurred 8 hours after that warning.

Your error looks to be around here.

Which indicates likely a mix of overloaded # connections + kernel memory exhaustion. Are you running custom sysctl settings?

sort /etc/sysctl.d/* /etc/sysctl.conf

I should add those VLAN configs were mostly taken from @glassdoor and @Ka6uka's own configs here and here. I wasn't able to verify personally as my setup isn't isolated. I briefly tested with a guest vlan and it worked work me. Are you managing the VLANs on the router itself (dhcp) or a managed switch?

Can you try reverting to a previous version of the quectel.sh script?

On your router replace /lib/netifd/proto/quectel.sh with this file and try to connect again:

https://raw.githubusercontent.com/qosmio/nss-packages/28cc54ff7714f326c7e427221d967bbe63b100b6/wwan/app/quectel-cm/files/quectel.sh

Please post nss_diag output. It's likely you have rx-gro-list enabled on the interface.

Here are details on how to create it; I've replicated it several times. Don't forget Reboot.

want to add that on mx4300 vlan config works in my dumbAP setup nss build. (setup vlan device, bridge device,create network interface on bridge, assign interface to SSID)

This may not be calming to you but I get the same errors on R7800 with 23.05 NSS build.

[quote="rmandrad, post:4150, topic:148529"]
[1052398.328716] Ignoring NSS change in VHT Operating Mode Notification from xx:xx:xx:xx:xx:0f with invalid nss 2
[1052482.318413] Ignoring NSS change in VHT Operating Mode Notification from xx:xx:xx:xx:xx:0f with invalid nss 1
[/quote]

@qosmio
On current nss_diag I don't see my WG interfaces listed.

root@QNAP:~# nss_diag
     MODEL: QNAP 301w
   OPENWRT: r28068-af58d26e74
IPQ BRANCH: qualcommax-6.x-nss-wifi
IPQ COMMIT: af58d26e74
  IPQ DATE: 2024-10-27
    NSS FW: NSS.FW.12.2-161-HK.R
  MAC80211: v6.11.2-0-g7aa21fec187b
 ATH11K FW: WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1
 INTERFACE: br-lan     tx-checksumming: on  rx-gro-list: off
            10g-1      tx-checksumming: on  rx-gro-list: off
            10g-2      tx-checksumming: on  rx-gro-list: off
            lan1       tx-checksumming: on  rx-gro-list: off
            lan2       tx-checksumming: on  rx-gro-list: off
            lan3       tx-checksumming: on  rx-gro-list: off
            lan4       tx-checksumming: on  rx-gro-list: off
            phy0-ap0   tx-checksumming: on  rx-gro-list: off
            phy1-ap0   tx-checksumming: on  rx-gro-list: off

  NSS PKGS: kmod-qca-nss-dp - 6.6.58.2024.04.16~5bf8b91e-r1
            kmod-qca-nss-drv - 6.6.58.12.5.2024.04.06~53a0dc1-r15
            kmod-qca-nss-drv-bridge-mgr - 6.6.58.12.5.2024.06.12~1bcef16-r7
            kmod-qca-nss-drv-igs - 6.6.58.12.5.2024.06.12~1bcef16-r7
            kmod-qca-nss-drv-qdisc - 6.6.58.12.5.2024.06.12~1bcef16-r7
            kmod-qca-nss-drv-vlan-mgr - 6.6.58.12.5.2024.06.12~1bcef16-r7
            kmod-qca-nss-ecm - 6.6.58.12.5.5.2024.09.02~bd5057b-r3
            nss-firmware-default - 2024.08.04~794fe373-r1
            nss-firmware-ipq8074 - 2024.08.04~794fe373-r1

here's the output ... & thank you @qosmio for having a look

# /etc/sysctl.conf can be used to customize sysctl settings
# /etc/sysctl.conf can be used to customize sysctl settings
# /etc/sysctl.conf can be used to customize sysctl settings
# /etc/sysctl.conf can be used to customize sysctl settings
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
# Do not edit, changes to this file will be lost on upgrades
# Do not edit, changes to this file will be lost on upgrades
# Do not edit, changes to this file will be lost on upgrades
# Do not edit, changes to this file will be lost on upgrades
# disable bridge firewalling by default
# nf_conntrack_tcp_no_window_check is 0 by default, set it to 1
fs.protected_hardlinks=1
fs.protected_symlinks=1
fs.suid_dumpable=2
kernel.core_pattern=/tmp/%e.%t.%p.%s.core
kernel.panic=3
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-iptables=0
net.core.bpf_jit_enable=1
net.core.bpf_jit_kallsyms=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.default.arp_ignore=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.igmp_max_memberships=100
net.ipv4.ip_forward=1
net.ipv4.tcp_congestion_control=bbr
net.ipv4.tcp_dsack=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_sack=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1
net.netfilter.nf_conntrack_acct=1
net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=32768
net.netfilter.nf_conntrack_tcp_no_window_check=1
net.netfilter.nf_conntrack_tcp_timeout_established=7440
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180
root@dragonfly-qnap:~# cat /etc/sys
sysctl.conf      sysctl.d/        sysfs.conf       sysfs.d/         syslog.conf      sysupgrade.conf
root@dragonfly-qnap:~# cat /etc/sysctl.
sysctl.conf  sysctl.d/
root@dragonfly-qnap:~# cat /etc/sysctl.
sysctl.conf  sysctl.d/
root@dragonfly-qnap:~# cat /etc/sysctl.conf .
.ash_history  .config/      .ssh/         .wget-hsts
root@dragonfly-qnap:~# cat /etc/sysctl.conf
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
root@dragonfly-qnap:~# cat /etc/sysctl.
sysctl.conf  sysctl.d/
root@dragonfly-qnap:~# cat /etc/sysctl.d/
10-default.conf       11-br-netfilter.conf  11-nf-conntrack.conf  12-tcp-bbr.conf       qca-nss-ecm.conf
root@dragonfly-qnap:~# cat /etc/sysctl.d/12-tcp-bbr.conf
# Do not edit, changes to this file will be lost on upgrades
# /etc/sysctl.conf can be used to customize sysctl settings

net.ipv4.tcp_congestion_control=bbr
root@dragonfly-qnap:~# cat /etc/sysctl.d/qca-nss-ecm.conf
# nf_conntrack_tcp_no_window_check is 0 by default, set it to 1
net.netfilter.nf_conntrack_tcp_no_window_check=1
net.netfilter.nf_conntrack_max=32768
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-ip6tables=0

There was a check added in kernel 6.9 that started enforcing IEEE Std 802.11-2020 - 9.4.1.53 Operating Mode field. Basically means that a station's NSS (number of spatial streams) should not exceed the maximum capability of the access point (AP) or what was negotiated initially. If a station signals a higher NSS , i.e. negotiating at 1x1 then requesting 2x2 for example, then it must be ignored or adjusted downwards.

I don't fully know why this is enforced esp if the AP in this case support 2x2 NSS. Assuming due to resource allocation and airtfime fairness. This issue is mostly related to Realtek and Mediatek chipsets.

I've filtered it out since the interfaces the offload disable script looks at are only physical and bridge interfaces. What you have showing looks ok.

Looks OK to me. The only thing I would suggest trying is changing the congestion control to cubic and testing again. I haven't really had much luck with BBR. Using NSS SQM + cubic has been pretty solid for me though.

sysctl -w net.ipv4.tcp_congestion_control=cubic

@qosmio I have checked the new wireless config, and I saw "ft_psk_generate_local" is disabled, so do I need to fill the R0/R1 key manually?