Instead forcing all components to be built together, selectively build
feature sets based on driver and client selections.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
In kernels prior to 6.10, dev_base_lock was required to protect the
net_device list traversal. From 6.10 onward the lock was
dropped in favor of RCU.
To preserve previous behavior (i.e. 24.10-nss on kernel 6.6), restore
read_lock()/read_unlock() and wrap into kernel macros check.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Upstream OpenWrt 24.10 and later uses nftables by default.
Bridge filtering is not really needed anymore.
This should also prevent unnecessary chain dependencies getting built
like like `kmod-ipt-ipopt`.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Several QCA NSS modules compile successfully but do not
function properly at runtime. This is due to either faulty
implementation or deliberate disabling of certain features in the NSS
firmware by Qualcomm.
Based on extensive testing with NSS firmware 11.4:
- Only 22 out of 64 dynamic interface types succeed in creation.
- All others return NACK, indicating lack of support or broken
implementation.
Modules affected include DTLS, IPSEC, TLS, CAPWAP, GRE redirect paths,
VXLAN, CLMAP and more.
OpenVPN support is partially enabled on crypto core, but requires patching
userspace OpenVPN to function — outside scope here. Wireguard is preferred
as it already achieves line-rate performance without relying on NSS offload.
Marking these kernel packages as BROKEN to prevent false expectations
and discourage their use, though they're available should Qualcomm
ever release a firmware that supports them. (NOT GOING TO HAPPEN...)
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Recent changes in nss-clients enabled unconditional evaluation
of the `qca-nss-drv-dtlsmgr` and `qca-nss-drv-tlsmgr` packages,
which always pulled in their dependencies, including `qca-nss-cfi`
and `qca-nss-crypto`, even if these packages were not selected.
This caused build failures due to missing symbols when the
required NSS crypto components were not enabled.
This commit updates the Makefiles for `qca-nss-crypto` and `qca-nss-cfi`
to ensure that their build and install steps are only executed
if the corresponding package is selected.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
commit 7a0c508 `treewide: rework handling platform specific features`
accidently set tun6rd and tlsmgr to 'y' vs. 'm' causing them to be built
if selected.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Overhaul the way platform-specific requirements are handled since
IPQ60xx and IPQ50xx don't support all the same features as IPQ807x.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Remove '-Wno-enum-conversion -Wno-unused-variable -Wno-int-conversion' from CFLAGS
and instead patch the code to fix the warnings.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This commit updates 12.5 version of the nss-drv from:
1bcef16 -> 51be82d (2024-07-08)
Bringing in the following changes:
```
2024-07-08 - 26ed7e6 - [qca-nss-clients] Added a flag to check if HW UDP checksum is supported
2024-06-16 - 5514683 - [nss-qdisc] Replace add_timer() to mod_timer()
2024-06-11 - 3a567e0 - [qca-nss-clients] udp_st: Add a new mode to handle unsynchronized time
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
* qca-nss-drv: add ipq5018 support
* qca-nss-clients: add ipq5018 support
* qca-nss-crypto: add ipq5018 support
* qca-nss-cfi: add ipq5018 support
* qca-nss-macsec: add ipq5018 support
This bumps NSS 11.4.0.5-5 to 11.4.0.5-6 along with the driver and client
packages.
This is the actual final release of 11.4.0.5 series. It brings in
changes related to mesh dummy paths and wifi.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
These were accidently configured as 'y' when it was supposed to be 'm'
Should resolve the following build errors:
```
qca-nss-tun6rd.ko' is missing.
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
commit 1bcef1647804d08e3d00b6f651086878786494e0 (HEAD, origin/NHSS.QSDK.12.5)
Author: Manish Verma <quic_maniverm@quicinc.com>
AuthorDate: Wed Jun 12 18:05:27 2024 +0530
Commit: Manish Verma <quic_maniverm@quicinc.com>
CommitDate: Mon Jun 24 22:04:14 2024 -0700
[nss-qdisc] Replace add_timer() to mod_timer()
For the unserialized modification of the timer's timerout, mod_timer()
API seems to be better suited as compared to the add_timer() API
Change-Id: I53fbb6174b975571dd3cc5cdd4ac3561903e178b
Signed-off-by: Manish Verma <quic_maniverm@quicinc.com>
(cherry picked from commit 55146834637d55f081f843e7330d4f1e7fe886dc)
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This allows specifiying `CONFIG_NSS_FIRMWARE_VERSION_.*` on
the command line without having to set in .config. This is helpful if
needing to build/test both version quickly.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Update to comply with APK's `pkgver` format.
Rather than stick with the same convention as upstream `qca-ssdk` and
`qca-nss-dp` which uses:
```
$(PKG_NAME)-$(PKG_SOURCE_DATE)~$(PKG_SOURCE_VERSION)
```
i.e. `qca-ssdk-2024.06.13~c451136b.tar.zst`
Add in the QSDK version as part of the release since we
have options to build for both 11.4 and 12.5. This makes it easier to
debug build related issues, by knowing exactly which QSDK version is
being built against.
Example:
```
qca-nss-drv-11.4.0.5.2021.06.24~dc14ca2.tar.zst
qca-nss-drv-12.5.2024.04.06~53a0dc1.tar.zst
qca-nss-clients-11.4.0.5.2021.08.17~153998d.tar.zst
qca-nss-clients-12.5.2024.03.05~9a53b18.tar.zst
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
note: qca-nss-crypto, and qca-nss-cfi are non-code change releases, but
align with naming scheme upstream anyways.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
The following modules have been disabled for either being broken,
incompatible or abandoned by Qualcomm:
* profile
* capwapmgr
* dtlsmgr
* ipsecmgr
* tlsmgr
* mscs
* nssinfo (netlink + libnl-nss)
There are significant changes between NSS version 11.4.0.5 and 12.1 (12.0.5),
that it doesn't really make sense to use it with older firmware (i.e. using mesh releated
features).
This change will explicitly link building the proper driver and client
packages when FW 12.1 or 11.4 is selected, while also backporting
patches from 12.4.
