This commit addresses a crash that occurs when running crypto tasks on
IPQ807x devices explicitly utilizing the NSS cores. The crash was
reproducible in scenarios involving cryptographic operations offloaded
to the NSS cores (e.g., using cryptodev with OpenSSL or running the
crypto test module).
IMPORTANT: This fix should not be misunderstood as a general-purpose
performance boost for all cryptographic workloads. If your goal is to
accelerate AES encryption across the board (e.g., using OpenSSL for
routine file encryption), this approach is **not** practical.
The primary benefit of leveraging the NSS cores for cryptographic operations
is within VPN-oriented use cases, such as OpenVPN or IPsec, where the
offloading to NSS cores can reduce CPU load and improve throughput.
It’s critical to note that this fix will **not** accelerate encryption
for protocols like Wireguard. Wireguard’s design uses ChaCha20-Poly1305
rather than AES, and it cannot easily be offloaded to hardware.
Additionally, Wireguard uses short-lived cryptographic keys that rotate
frequently. This frequent key rotation makes it difficult to interface
with hardware offloading mechanisms, which are typically optimized for
long-lived sessions like those found in IPsec.
Signed-off-by: Sebastian Gottschall <s.gottschall@dd-wrt.com>
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Cleans up mesh stats naming to remove 'mesh' from prefix as it's already
prefixed when displaying. Otherwise it shows up as 'mesh_mesh'
Signed-off-by: Sean Khan <datapronix@protonmail.com>
NSS_IPV4_RULE_CREATE_RAWIP_VALID is only found in NSS FW 12.5 and
higher. Check if enabled before and macros for it.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Ensures NSS cores are fully booted to hopefully workaround issues with
wifi stats (rx/tx rates) and inactive time.
Patch-by: Sebastian Gottschall <s.gottschall@dd-wrt.com>
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This bumps NSS 11.4.0.5-5 to 11.4.0.5-6 along with the driver and client
packages.
This is the actual final release of 11.4.0.5 series. It brings in
changes related to mesh dummy paths and wifi.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
The idea that "newer" NSS firmware = "better" is not always true.
Especially given that 11.4 is the only firmware known to work with mesh,
among other issues like WDS/rmnet_nss being broken on 12.5 releases.
Add option to allow building for all known and available NSS firmwares.
The following are now supported NSS firmwares:
1.) 11.4.0.5-5
2.) 12.1
3.) 12.2
4.) 12.5
Users should start with 11.4 as that seems to be the one with the most
enabled features. It is now also the default version.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This script is meant to set various skb_recycler settings. There is a
similar version in QSDK, but it's packaged in the main repo, rather than
an external package like 'qca-nss-drv'. To avoid making too many changes
in the main repo, introduce this script in `qca-nss-drv`.
This script will read the following config:
/etc/config/skb_recycler
```
config skb_recycler 'opt'
option max_skbs '1024'
option max_spare_skbs '256'
option enable '1'
```
Users are encouraged to experiment disabling `skb_recycler` to see if
memory leaks are still occuring, especially on 512M boards. There are issues
currently where skb_recycler corrupts skbs during times of high traffic, but there
wasn't a way to completely disable it.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
`NSS_IPV4_RULE_CREATE_RAWIP_VALID` is only available in NSS FW
version 12.5, which is not publically availiable.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
* Cleaned up backports patch to only bring in header changes if they are
not tied directly to NSS firmware API. Because the API for NSS
firmware has strict structure and ordering, it ends up messing with
driver calls.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
These were accidently configured as 'y' when it was supposed to be 'm'
Should resolve the following build errors:
```
qca-nss-tun6rd.ko' is missing.
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
`0012-Makefile-modularize-driver.patch` mistakenly added 'wifi_mesh_init'
when it was already in 'nss_init.c'.
The patch following `0013-backport-12.4.patch` would then
clean up the "duplicated" entries.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Added a custom function to show NSS firmware version during boot.
```
[Mon Jul 8 07:45:21 2024] qca-nss 39000000.nss: NSS FW Version: NSS.FW.12.1-022-HK.R
```
And
```
[Mon Jul 8 07:21:12 2024] qca-nss 39000000.nss: NSS FW Version: NSS.HK.11.4.0.5-5-R
```
Not sure why Qualcomm never included this ability in their drivers, since
it's clearly there in every firmware.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
When using `nft insert rule` the rule is inserted on top of the
`forward_wan` chain, which bypasses any filtering in place. Instead,
append the rule to the end of the chain.
Other changes include renaming chain `RATE-LIMIT` to `ECM-RATE-LIMIT`
for better rule classification, and `shellformat` formatting.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
`lo` and `bonding_masters` interfaces are not managed by ethtool, so
should be skipped when disabling any interface features.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Cleaned up formatting and changed the way console messages are printed.
The message will now properly show up in dmesg output with color, and
date formatting rather than a non descriptive message like the following:
Before:
```
/lib/firmware/qca-nss0-retail.bin 33
/lib/firmware/qca-nss1-retail.bin 33
```
After:
```
[Mon Jul 8 07:21:12 2024] hotplug: symlinking /lib/firmware/qca-nss0.bin to /lib/firmware/qca-nss0-retail.bin
[Mon Jul 8 07:21:12 2024] hotplug: symlinking /lib/firmware/qca-nss1.bin to /lib/firmware/qca-nss1-retail.bin
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This is mostly a cosmetic change and meant to make it easier to see
the to see history of commits.
The currently published NSS FW on QUIC's repo is:
NSS.HK.11.4.0.5-5-R which is on branch caf_migration/NHSS.QSDK.11.4.0.5
However, it's not the latest of the `11.4.0.5` release which is
NSS.HK.11.4.0.5-6-R which is on branch `origin/NSS_11.4.0.5`
Although the versions look to be minor releases. NSS driver shows
significant changes in the headers files concerning `wifi` and `wifi
mesh`.
When doing a diff between the 2 releases, it was hard to tell exactly
what changed because most of it seemed to be non-functional changes,
formatting, etc. This patch is only meant to make the files visually
similiar between the two releases, to better show functional changes.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
commit 1bcef1647804d08e3d00b6f651086878786494e0 (HEAD, origin/NHSS.QSDK.12.5)
Author: Manish Verma <quic_maniverm@quicinc.com>
AuthorDate: Wed Jun 12 18:05:27 2024 +0530
Commit: Manish Verma <quic_maniverm@quicinc.com>
CommitDate: Mon Jun 24 22:04:14 2024 -0700
[nss-qdisc] Replace add_timer() to mod_timer()
For the unserialized modification of the timer's timerout, mod_timer()
API seems to be better suited as compared to the add_timer() API
Change-Id: I53fbb6174b975571dd3cc5cdd4ac3561903e178b
Signed-off-by: Manish Verma <quic_maniverm@quicinc.com>
(cherry picked from commit 55146834637d55f081f843e7330d4f1e7fe886dc)
Signed-off-by: Sean Khan <datapronix@protonmail.com>
refactored the logic in `__nss_hal_request_irq` to use case statements,
with a single call to `netif_napi_add_weight` and `request_irq`.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Reworked flawed smp_affinity logic. It was assumed that all 'nss_*' IRQs
needed to be equally balanced across all CPUs. However, what ends up
happening most of the time is messing with scheduling, thrashing, missed
cache and high context switching.
For each core:
1. nss_empty_buf_sos
2. nss_empty_buf_queue
3. nss_queue0
The IRQs should be kept on the same CPU. Doing so allows NSS cores to
properly feed and empty the queues.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This allows specifiying `CONFIG_NSS_FIRMWARE_VERSION_.*` on
the command line without having to set in .config. This is helpful if
needing to build/test both version quickly.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
iptables based bridge filtering is incompatible with nftables (fw4), and
causes just causes NAT loopback issues.
This is only required for systems using legacy iptables (fw3) as the
primary firewalling. nftables doesn't need explicit enablement of bridge filtering.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Update to comply with APK's `pkgver` format.
Rather than stick with the same convention as upstream `qca-ssdk` and
`qca-nss-dp` which uses:
```
$(PKG_NAME)-$(PKG_SOURCE_DATE)~$(PKG_SOURCE_VERSION)
```
i.e. `qca-ssdk-2024.06.13~c451136b.tar.zst`
Add in the QSDK version as part of the release since we
have options to build for both 11.4 and 12.5. This makes it easier to
debug build related issues, by knowing exactly which QSDK version is
being built against.
Example:
```
qca-nss-drv-11.4.0.5.2021.06.24~dc14ca2.tar.zst
qca-nss-drv-12.5.2024.04.06~53a0dc1.tar.zst
qca-nss-clients-11.4.0.5.2021.08.17~153998d.tar.zst
qca-nss-clients-12.5.2024.03.05~9a53b18.tar.zst
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
allow users to specify specific metric to view, rather than
everything
Available stats objects:
cpu
crypto_cmn
dma
drv
dynamic_if
edma
eth_rx
ipv4
ipv6
n2h
unaligned
virt_if
wifi_ext_vdev
wifi
mesh
Usage: nss_stats obj1 obj2 ...
Default with no parameters shows all
Signed-off-by: Sean Khan <datapronix@protonmail.com>
