Several QCA NSS modules compile successfully but do not
function properly at runtime. This is due to either faulty
implementation or deliberate disabling of certain features in the NSS
firmware by Qualcomm.
Based on extensive testing with NSS firmware 11.4:
- Only 22 out of 64 dynamic interface types succeed in creation.
- All others return NACK, indicating lack of support or broken
implementation.
Modules affected include DTLS, IPSEC, TLS, CAPWAP, GRE redirect paths,
VXLAN, CLMAP and more.
OpenVPN support is partially enabled on crypto core, but requires patching
userspace OpenVPN to function — outside scope here. Wireguard is preferred
as it already achieves line-rate performance without relying on NSS offload.
Marking these kernel packages as BROKEN to prevent false expectations
and discourage their use, though they're available should Qualcomm
ever release a firmware that supports them. (NOT GOING TO HAPPEN...)
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Recent changes in nss-clients enabled unconditional evaluation
of the `qca-nss-drv-dtlsmgr` and `qca-nss-drv-tlsmgr` packages,
which always pulled in their dependencies, including `qca-nss-cfi`
and `qca-nss-crypto`, even if these packages were not selected.
This caused build failures due to missing symbols when the
required NSS crypto components were not enabled.
This commit updates the Makefiles for `qca-nss-crypto` and `qca-nss-cfi`
to ensure that their build and install steps are only executed
if the corresponding package is selected.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
"@" symbol implies "CONFIG_SOME_SYMBOL" whereas without implies
"CONFIG_PACKAGE_some-package". The latter is what we want here since
nss-eip-firmware is a package.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
commit 7a0c508 `treewide: rework handling platform specific features`
accidentally set tun6rd and tlsmgr to 'y' vs. 'm' causing them to be built
if selected.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Overhaul the way platform-specific requirements are handled since
IPQ60xx and IPQ50xx don't support all the same features as IPQ807x.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
GCC 15 has stricter checks for header macros where
mismatches between `#ifndef` and `#define` are flagged as errors.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
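
A pre-upgrade check for the guard mismatch described in the commit message above, as an added example that is not part of the repository. It is a heuristic that treats only the first preprocessor directive of each file as a guard; the header names and macros in the demo are constructed.

```shell
#!/bin/sh
# Added example (not project code): report headers whose include guard tests
# one macro but defines another. Returns non-zero when a mismatch is found.
# Usage: check_header_guards FILE...
check_header_guards() {
    awk '
        FNR == 1 { guard = ""; finished = 0 }        # reset state for each file
        finished { next }
        {
            line = $0
            sub(/^[ \t]*#[ \t]*/, "#", line)         # normalise "  #  define" to "#define"
            if (line !~ /^#/) next                   # skip non-directive lines
            n = split(line, part, /[ \t]+/)
            if (guard == "") {
                if (part[1] == "#ifndef" && n >= 2) guard = part[2]
                else finished = 1                    # first directive is not a guard
                next
            }
            finished = 1                             # only the directive after #ifndef matters
            if (part[1] == "#define" && part[2] != guard) {
                printf "%s: #ifndef %s but #define %s\n", FILENAME, guard, part[2]
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed demo: one consistent guard, one with a trailing-underscore typo.
demo_hdr=$(mktemp -d)
printf '#ifndef EXAMPLE_GOOD_H\n#define EXAMPLE_GOOD_H\n#endif\n' > "$demo_hdr/good.h"
printf '#ifndef EXAMPLE_BAD_H\n#define EXAMPLE_BAD_H_\n#endif\n' > "$demo_hdr/bad.h"
check_header_guards "$demo_hdr/good.h" "$demo_hdr/bad.h" || echo "mismatched guards found"
rm -rf "$demo_hdr"
```
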
First attempt at backporting the 12.5 ipq50xx fixes to 11.4.
Fixes compilation errors, but not tested on hardware yet.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Can't compile qca-nss-ecm packages in the 'l2tp' case: I got an issue that there is no ppp_generic package.
So, this change will fix building for the l2tp case and will not break the pppoe case.
EDIT: Fix whitespace
The previous refactor (32dd47ec) attempted to use a common definition
block (`nss-firmware-common`) for package metadata and builds.
However, the way it was referenced (`$(nss-firmware-common)`) didn't
work for inheriting properties like TITLE, SECTION, CATEGORY, or
the install logic via `$(call ...)` within the sub-package definitions.
This resulted in the platform-specific packages
(`ipq807x`, `ipq60xx`, `ipq50xx`) being built without any firmwares
leading to empty `.ipk` files and failure to boot.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
- Added proper CONFLICTS which should allow building multiple
firmwares in the same build tree.
- Updated version string for 11.4 (it was 5 when it's been 6 for a while)
- Adjusted nss-eip-firmware dependency to match IPQ807x/IPQ60xx since
`TARGET_qualcommax` included IPQ50xx which does not have EIP hardware.
- PKG_RELEASE bumped to 2
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Remove '-Wno-enum-conversion -Wno-unused-variable -Wno-int-conversion' from CFLAGS
and instead patch the code to fix the warnings.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This commit updates 12.5 version of the nss-drv from:
1bcef16 -> 51be82d (2024-07-08)
Bringing in the following changes:
```
2024-07-08 - 26ed7e6 - [qca-nss-clients] Added a flag to check if HW UDP checksum is supported
2024-06-16 - 5514683 - [nss-qdisc] Replace add_timer() to mod_timer()
2024-06-11 - 3a567e0 - [qca-nss-clients] udp_st: Add a new mode to handle unsynchronized time
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Mostly cosmetic changes, but also:
* Extend kernel version handling so kernels 6.1–6.14
are supported (untested on > 6.6)
* Replace various `NSS_SUCCESS`/`NSS_FAILURE` return codes with
`NSS_TX_SUCCESS`/`NSS_TX_FAILURE`
* Change di_data.response initialization in the dynamic interface
to use NSS_CMN_RESPONSE_ACK.
Primarily affects `0016-nss-drv-add-support-for-kernel-6.6.patch`, while
other patches were refreshed.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
In Linux kernel 6.6, the sysctl infrastructure changed
how it handles user/kernel memory boundaries.
The sysctl handlers now take a regular void *buffer instead
of void __user *buffer because the sysctl core now handles
the user-to-kernel copy/validation automatically.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Only build frontend based on selected acceleration engine.
ECM can build frontends for NSS/SFE/PPE, but for now only include option
for NSS.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Brings in the following commits from 12.5 branch:
```
2024-11-06 - 30fbfa4 - Fix for null dev entries in emesh-sawf.
2024-08-28 - 0718f48 - Add interface num to identify vlan device
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This commit fixes two issues with how ECM module options are configured:
1. `/etc/modules.conf` was modified on every ECM start/restart,
even when no changes were needed.
2. If any other ECM parameters were set in `/etc/modules.conf` it would
overwrite them as the entire line was replaced.
The solution extracts configuration logic into a dedicated function that
only modifies what's necessary, properly handling all cases (updating existing
parameters, appending to existing options, or creating new options).
Signed-off-by: Sean Khan <datapronix@protonmail.com>
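
One way to write the kind of update function the commit message above describes, as an added example that is not the project's own script. It assumes modprobe-style `options <module> key=value ...` lines; `set_module_option`, `example_param` and `other_param` are hypothetical names.

```shell
#!/bin/sh
# Added example, not the project's script. Assumes modprobe-style lines:
#   options <module> key=value [key=value ...]
# Limitation: values containing whitespace are not handled.
# Usage: set_module_option FILE MODULE KEY VALUE  -> prints "changed" or "unchanged"
set_module_option() {
    smo_file=$1; smo_mod=$2; smo_key=$3; smo_val=$4
    [ -f "$smo_file" ] || : > "$smo_file"
    smo_tmp=$(mktemp "${smo_file}.XXXXXX") || return 1
    awk -v m="$smo_mod" -v k="$smo_key" -v v="$smo_val" '
        $1 == "options" && $2 == m && !seen {
            seen = 1; found = 0
            for (i = 3; i <= NF; i++) {
                if (index($i, k "=") == 1) {
                    found = 1
                    if ($i != (k "=" v)) $i = k "=" v    # update only on a real difference
                }
            }
            if (!found) $0 = $0 " " k "=" v              # append, keep other parameters
        }
        { print }
        END { if (!seen) print "options " m " " k "=" v }   # no line yet: create one
    ' "$smo_file" > "$smo_tmp" || { rm -f "$smo_tmp"; return 1; }
    if cmp -s "$smo_file" "$smo_tmp"; then
        echo unchanged                      # leave the file untouched
    else
        cat "$smo_tmp" > "$smo_file"        # rewrite in place, keeping owner and mode
        echo changed
    fi
    rm -f "$smo_tmp"
}

# Constructed demo on a scratch file; parameter names are placeholders.
demo_dir=$(mktemp -d)
printf 'options ecm other_param=1\n' > "$demo_dir/modules.conf"
set_module_option "$demo_dir/modules.conf" ecm example_param 0   # appended
set_module_option "$demo_dir/modules.conf" ecm example_param 0   # no write
cat "$demo_dir/modules.conf"
rm -rf "$demo_dir"
```
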
Bump to latest 12.5 branch to bring in the following:
* Flush the mdb tables in the event of NETDEV_DOWN
Signed-off-by: Sean Khan <datapronix@protonmail.com>
When building NSS GRE feature for non IPQ807x targets, the GRE `stats_ctx`
was not being properly defined.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This commit updates 12.5 version of the nss-drv from:
30fbfa4 -> 4dfab93
Bringing in the following changes:
```
2024-11-13 - d5ee67b - Add support for clearing N2H stats
2024-11-13 - 4850be3 - Add support for clearing DRV stats
2024-11-13 - 3d7c16d - Add support for clearing capwap stats
2024-11-13 - 163fbf4 - Add support clearing Crypto CMN stats
2024-11-13 - 084b475 - Add support for clearing DTLS CMN stats
2024-11-13 - e32f844 - Add support clearing PVxLAN stats
2024-11-13 - 2f54141 - Add support for clearing ipv6 stats
2024-11-13 - 702b14c - Add support for clearing C2C TX stats
2024-11-13 - 201dbc5 - Add support for clearing ipv4 stats
2024-11-13 - 24b6f1a - Add support for clearing eth_rx stats
2024-11-05 - 6e242de - Add support for clearing C2C RX stats
2024-11-05 - 942593c - Added a flag to identify if HW UDP checksum is supported for udp_st
2024-11-05 - e11eb4e - Add support for clearing Trustsec TX stats
2024-11-05 - 4f01399 - Add support for clearing EDMA Lite stats
2024-11-05 - 45b9a31 - Add support for clearing Trustsec RX stats
2024-11-05 - 57b338d - Add baseline stats write functionality
2024-10-16 - b671190 - Fix dtsi parameter that controls enabling UBI
2024-10-08 - 9514a99 - Enabling qca-nss-drv on 6.6 kernel
2024-07-16 - e96972f - udp_st: Add a new mode to handle unsynchronized time.
2024-05-16 - 1db9e55 - Add missing error code for wifili pkg.
```
Stats can be cleared by echoing `0` to the corresponding stats file.
For example, to clear the N2H stats, you can run:
```
echo 0 > /sys/kernel/debug/qca-nss-drv/stats/n2h
```
Previous change was reloading ECM on client DHCP requests causing
temporary packet loss. Change reload trigger to instead just disable
packet steering (the original intent of this feature).
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Converted ecm init to PROCD service and added a function to ensure packet steering
is always disabled when loading.
Added additional firewall/network/packet_steering triggers in case user
changes to packet steering are made in the web interface.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
* qca-nss-drv: add ipq5018 support
* qca-nss-clients: add ipq5018 support
* qca-nss-crypto: add ipq5018 support
* qca-nss-cfi: add ipq5018 support
* qca-nss-macsec: add ipq5018 support
Revert the changes I made in a previous commit as it broke Virtual Interface creation for modems using RMNET/QMAP aggregation that have the parent wwan0 device split into wwan0_1, wwan0_2, etc. The script should now correctly set up the Virtual Interface for both aggregated and non-aggregated.
QMAP aggregation can be set up by:
```
rmmod qmi_wwan_q
insmod qmi_wwan_q qmap_mode=N
```
N being the number of sub devices created from the parent wwan0 device. I tried it out with my Quectel EG12-EA modem and had constant resets/crashes with the router often locking up.