linux/Documentation/networking
Florian Westphal d1b4c689d4 netlink: remove mmapped netlink support
mmapped netlink has a number of unresolved issues:

- TX zerocopy support had to be disabled more than a year ago via
  commit 4682a03586 ("netlink: Always copy on mmap TX.")
  because the content of the mmapped area can change after netlink
  attribute validation but before message processing.

- RX support was implemented mainly to speed up nfqueue dumping packet
  payload to userspace.  However, since commit ae08ce0021
  ("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
  with the socket-based interface too (via the skb_zerocopy helper).

The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:

- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.

- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094 ("netlink: not trim skb for mmaped socket when dump").

- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.

Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").

mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch.  Daniel Borkmann fixed this via
commit 6bb0fef489 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.

nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
  Problem is that in the mmap case, the allocation time also determines
  the ordering in which the frame will be seen by userspace (A
  allocating before B means that A is located in earlier ring slot,
  but this also means that B might get a lower sequence number then A
  since seqno is decided later.  To fix this we would need to extend the
  spinlocked region to also cover the allocation and message setup which
  isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
  Queing GSO packets is faster than having to force a software segmentation
  in the kernel, so this is a desirable option.  However, with a mmap based
  ring one has to use 64kb per ring slot element, else mmap has to fall back
  to the socket path (NL_MMAP_STATUS_COPY) for all large packets.

To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.

Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 11:42:18 -05:00
..
caif
dsa Documentation: networking: dsa: Add Broadcom SF2 document 2015-08-25 17:01:32 -07:00
mac80211_hwsim
timestamping Doc: networking: txtimestamp: fix printf format warning 2015-06-05 07:59:10 +09:00
3c509.txt
6lowpan.txt documentation: networking: add 6lowpan documentation 2015-08-11 22:05:36 +02:00
6pack.txt
00-INDEX Documentation/networking: add checksum-offloads.txt to explain LCO 2016-02-12 05:52:16 -05:00
alias.txt
altera_tse.txt Documentation: networking: Add Altera Ethernet (TSE) Documentation 2014-03-17 21:26:57 -04:00
arcnet-hardware.txt
arcnet.txt
atm.txt
ax25.txt
batman-adv.txt batman-adv: Switch to HTTPS version of links 2016-02-03 09:54:39 +08:00
baycom.txt
bonding.txt bonding: Implement user key part of port_key in an AD system. 2015-05-11 10:59:32 -04:00
bridge.txt
can.txt can-doc: Add hint about getting timestamps 2015-12-10 11:29:11 -07:00
cdc_mbim.txt net: cdc_mbim: add driver documentation 2014-05-13 17:46:09 -04:00
checksum-offloads.txt Documentation/networking: add checksum-offloads.txt to explain LCO 2016-02-12 05:52:16 -05:00
cops.txt
cs89x0.txt
cxacru-cf.py
cxacru.txt
cxgb.txt
dccp.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
dctcp.txt tcp: add rfc3168, section 6.1.1.1. fallback 2015-05-19 16:53:37 -04:00
de4x5.txt
decnet.txt
dl2k.txt
dm9000.txt
dmfe.txt
dns_resolver.txt
driver.txt
e100.txt e100.txt: Cleanup license info in kernel doc 2015-12-03 12:58:10 -08:00
e1000.txt
e1000e.txt
eql.txt
fib_trie.txt fib_trie.txt: fix typo 2014-12-15 11:45:15 -05:00
filter.txt bpf: doc: correct arch list for supported eBPF JIT 2015-11-08 20:46:48 -05:00
fore200e.txt Doc: Change wikipedia's URL from http to https 2015-06-22 10:14:05 -06:00
framerelay.txt
gen_stats.txt
generic_netlink.txt
generic-hdlc.txt
gianfar.txt gianfar: Remove sysfs stubs for FIFOCFG and stashing 2014-02-18 15:03:02 -05:00
i40e.txt i40e: adds FCoE to build and updates its documentation 2014-08-02 19:41:13 -07:00
i40evf.txt i40evf: add driver to kernel build system 2013-12-31 16:27:49 -08:00
ieee802154.txt ieee802154: docs: fix project name to linux-wpan as well as some typos 2015-09-17 13:20:05 +02:00
igb.txt igb: doc don't refer to ifconfig 2015-04-09 22:03:20 -07:00
igbvf.txt
ip_dynaddr.txt
ip-sysctl.txt ipv6: add option to drop unsolicited neighbor advertisements 2016-02-11 04:27:36 -05:00
ipddp.txt
iphase.txt
ipsec.txt xfrm: Add file to document IPsec corner case 2013-12-16 12:54:05 +01:00
ipv6.txt
ipvlan.txt ipvlan: Initial check-in of the IPVLAN driver. 2014-11-24 15:29:18 -05:00
ipvs-sysctl.txt ipvs: add sysctl to ignore tunneled packets 2015-09-17 11:50:02 +09:00
irda.txt
ixgb.txt ixgb: remove references to ifconfig 2015-04-09 22:04:04 -07:00
ixgbe.txt ixgbe: fix documentation 2015-04-09 22:03:54 -07:00
ixgbevf.txt
l2tp.txt l2tp: remove references to modprobe in documentation 2015-09-25 12:27:23 -07:00
lapb-module.txt
LICENSE.qla3xxx
LICENSE.qlcnic
LICENSE.qlge
ltpc.txt
mac80211-auth-assoc-deauth.txt
mac80211-injection.txt
Makefile Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
mpls-sysctl.txt mpls: Per-device enabling of packet input 2015-04-22 14:24:54 -04:00
multiqueue.txt
netconsole.txt netconsole: implement extended console support 2015-06-25 17:00:39 -07:00
netdev-FAQ.txt
netdev-features.txt
netdevices.txt
netif-msg.txt
nf_conntrack-sysctl.txt netfilter: conntrack: adjust nf_conntrack_buckets default value 2014-12-23 14:20:10 +01:00
nfc.txt
openvswitch.txt openvswitch: Add support for unique flow IDs. 2015-01-26 15:45:50 -08:00
operstates.txt
packet_mmap.txt af_packet: pass checksum validation status to the user 2015-03-23 22:01:28 -04:00
phonet.txt
phy.txt Documentation: networking: phy.txt: Update text for indirect MMD access 2014-07-30 20:00:22 -07:00
pktgen.txt pktgen: add sample script pktgen_sample02_multiqueue.sh 2015-05-22 23:59:17 -04:00
PLIP.txt
policy-routing.txt
ppp_generic.txt
proc_net_tcp.txt
radiotap-headers.txt
ray_cs.txt
rds.txt RDS: Documentation: Document AF_RDS, PF_RDS and SOL_RDS correctly. 2015-04-08 15:17:04 -04:00
README.ipw2100
README.ipw2200
README.sb1000
regulatory.txt
rxrpc.txt af_rxrpc: Expose more RxRPC parameters via sysctls 2014-02-26 17:25:07 +00:00
s2io.txt neterion: remove reference to ifconfig 2015-03-08 19:11:44 -04:00
scaling.txt net: rfs: fix crash in get_rps_cpus() 2015-04-26 16:07:57 -04:00
sctp.txt
secid.txt
skfp.txt
smc9.txt
spider_net.txt doc: fix double words 2014-03-21 13:16:58 +01:00
stmmac.txt phy: fixed_phy: Add gpio to determine link up/down. 2015-08-31 14:48:02 -07:00
switchdev.txt switchdev: Adding IGMP snooping documentation 2016-01-10 16:50:21 -05:00
tc-actions-env-rules.txt net: sched: use counter to break reclassify loops 2015-05-13 15:08:14 -04:00
tcp-thin.txt
tcp.txt tcp: remove unused min_cwnd member of tcp_congestion_ops 2014-02-13 18:22:34 -05:00
team.txt
timestamping.txt clarify implementation of ethtool's get_ts_info op 2015-07-17 19:59:04 -07:00
tlan.txt
tproxy.txt
tuntap.txt
udplite.txt Doc: networking: Fix URL for wiki.wireshark.org in udplite.txt 2015-06-12 14:21:29 -07:00
vortex.txt
vrf.txt net: vrf: Documentation update, ip commands 2015-10-13 18:55:31 -07:00
vxge.txt neterion: remove reference to ifconfig 2015-03-08 19:11:44 -04:00
vxlan.txt documentation: bring vxlan documentation more up-to-date 2015-08-12 16:46:30 -07:00
x25-iface.txt
x25.txt
xfrm_proc.txt
xfrm_sync.txt
xfrm_sysctl.txt
z8530drv.txt

sb1000 is a module network device driver for the General Instrument (also known
as NextLevel) SURFboard1000 internal cable modem board.  This is an ISA card
which is used by a number of cable TV companies to provide cable modem access.
It's a one-way downstream-only cable modem, meaning that your upstream net link
is provided by your regular phone modem.

This driver was written by Franco Venturi <fventuri@mediaone.net>.  He deserves
a great deal of thanks for this wonderful piece of code!

-----------------------------------------------------------------------------

Support for this device is now a part of the standard Linux kernel.  The
driver source code file is drivers/net/sb1000.c.  In addition to this
you will need:

1.) The "cmconfig" program.  This is a utility which supplements "ifconfig"
to configure the cable modem and network interface (usually called "cm0");
and

2.) Several PPP scripts which live in /etc/ppp to make connecting via your
cable modem easy.

   These utilities can be obtained from:

      http://www.jacksonville.net/~fventuri/

   in Franco's original source code distribution .tar.gz file.  Support for
   the sb1000 driver can be found at:

      http://web.archive.org/web/*/http://home.adelphia.net/~siglercm/sb1000.html
      http://web.archive.org/web/*/http://linuxpower.cx/~cable/

   along with these utilities.

3.) The standard isapnp tools.  These are necessary to configure your SB1000
card at boot time (or afterwards by hand) since it's a PnP card.

   If you don't have these installed as a standard part of your Linux
   distribution, you can find them at:

      http://www.roestock.demon.co.uk/isapnptools/

   or check your Linux distribution binary CD or their web site.  For help with
   isapnp, pnpdump, or /etc/isapnp.conf, go to:

      http://www.roestock.demon.co.uk/isapnptools/isapnpfaq.html

-----------------------------------------------------------------------------

To make the SB1000 card work, follow these steps:

1.) Run `make config', or `make menuconfig', or `make xconfig', whichever
you prefer, in the top kernel tree directory to set up your kernel
configuration.  Make sure to say "Y" to "Prompt for development drivers"
and to say "M" to the sb1000 driver.  Also say "Y" or "M" to all the standard
networking questions to get TCP/IP and PPP networking support.

2.) *BEFORE* you build the kernel, edit drivers/net/sb1000.c.  Make sure
to redefine the value of READ_DATA_PORT to match the I/O address used
by isapnp to access your PnP cards.  This is the value of READPORT in
/etc/isapnp.conf or given by the output of pnpdump.

3.) Build and install the kernel and modules as usual.

4.) Boot your new kernel following the usual procedures.

5.) Set up to configure the new SB1000 PnP card by capturing the output
of "pnpdump" to a file and editing this file to set the correct I/O ports,
IRQ, and DMA settings for all your PnP cards.  Make sure none of the settings
conflict with one another.  Then test this configuration by running the
"isapnp" command with your new config file as the input.  Check for
errors and fix as necessary.  (As an aside, I use I/O ports 0x110 and
0x310 and IRQ 11 for my SB1000 card and these work well for me.  YMMV.)
Then save the finished config file as /etc/isapnp.conf for proper configuration
on subsequent reboots.

6.) Download the original file sb1000-1.1.2.tar.gz from Franco's site or one of
the others referenced above.  As root, unpack it into a temporary directory and
do a `make cmconfig' and then `install -c cmconfig /usr/local/sbin'.  Don't do
`make install' because it expects to find all the utilities built and ready for
installation, not just cmconfig.

7.) As root, copy all the files under the ppp/ subdirectory in Franco's
tar file into /etc/ppp, being careful not to overwrite any files that are
already in there.  Then modify ppp@gi-on to set the correct login name,
phone number, and frequency for the cable modem.  Also edit pap-secrets
to specify your login name and password and any site-specific information
you need.

8.) Be sure to modify /etc/ppp/firewall to use ipchains instead of
the older ipfwadm commands from the 2.0.x kernels.  There's a neat utility to
convert ipfwadm commands to ipchains commands:

   http://users.dhp.com/~whisper/ipfwadm2ipchains/

You may also wish to modify the firewall script to implement a different
firewalling scheme.

9.) Start the PPP connection via the script /etc/ppp/ppp@gi-on.  You must be
root to do this.  It's better to use a utility like sudo to execute
frequently used commands like this with root permissions if possible.  If you
connect successfully the cable modem interface will come up and you'll see a
driver message like this at the console:

         cm0: sb1000 at (0x110,0x310), csn 1, S/N 0x2a0d16d8, IRQ 11.
         sb1000.c:v1.1.2 6/01/98 (fventuri@mediaone.net)

The "ifconfig" command should show two new interfaces, ppp0 and cm0.
The command "cmconfig cm0" will give you information about the cable modem
interface.

10.) Try pinging a site via `ping -c 5 www.yahoo.com', for example.  You should
see packets received.

11.) If you can't get site names (like www.yahoo.com) to resolve into
IP addresses (like 204.71.200.67), be sure your /etc/resolv.conf file
has no syntax errors and has the right nameserver IP addresses in it.
If this doesn't help, try something like `ping -c 5 204.71.200.67' to
see if the networking is running but the DNS resolution is where the
problem lies.

12.) If you still have problems, go to the support web sites mentioned above
and read the information and documentation there.

-----------------------------------------------------------------------------

Common problems:

1.) Packets go out on the ppp0 interface but don't come back on the cm0
interface.  It looks like I'm connected but I can't even ping any
numerical IP addresses.  (This happens predominantly on Debian systems due
to a default boot-time configuration script.)

Solution -- As root `echo 0 > /proc/sys/net/ipv4/conf/cm0/rp_filter' so it
can share the same IP address as the ppp0 interface.  Note that this
command should probably be added to the /etc/ppp/cablemodem script
*right*between* the "/sbin/ifconfig" and "/sbin/cmconfig" commands.
You may need to do this to /proc/sys/net/ipv4/conf/ppp0/rp_filter as well.
If you do this to /proc/sys/net/ipv4/conf/default/rp_filter on each reboot
(in rc.local or some such) then any interfaces can share the same IP
addresses.

2.) I get "unresolved symbol" error messages on executing `insmod sb1000.o'.

Solution -- You probably have a non-matching kernel source tree and
/usr/include/linux and /usr/include/asm header files.  Make sure you
install the correct versions of the header files in these two directories.
Then rebuild and reinstall the kernel.

3.) When isapnp runs it reports an error, and my SB1000 card isn't working.

Solution -- There's a problem with later versions of isapnp using the "(CHECK)"
option in the lines that allocate the two I/O addresses for the SB1000 card.
This first popped up on RH 6.0.  Delete "(CHECK)" for the SB1000 I/O addresses.
Make sure they don't conflict with any other pieces of hardware first!  Then
rerun isapnp and go from there.

4.) I can't execute the /etc/ppp/ppp@gi-on file.

Solution -- As root do `chmod ug+x /etc/ppp/ppp@gi-on'.

5.) The firewall script isn't working (with 2.2.x and higher kernels).

Solution -- Use the ipfwadm2ipchains script referenced above to convert the
/etc/ppp/firewall script from the deprecated ipfwadm commands to ipchains.

6.) I'm getting *tons* of firewall deny messages in the /var/kern.log,
/var/messages, and/or /var/syslog files, and they're filling up my /var
partition!!!

Solution -- First, tell your ISP that you're receiving DoS (Denial of Service)
and/or portscanning (UDP connection attempts) attacks!  Look over the deny
messages to figure out what the attack is and where it's coming from.  Next,
edit /etc/ppp/cablemodem and make sure the ",nobroadcast" option is turned on
to the "cmconfig" command (uncomment that line).  If you're not receiving these
denied packets on your broadcast interface (IP address xxx.yyy.zzz.255
typically), then someone is attacking your machine in particular.  Be careful
out there....

7.) Everything seems to work fine but my computer locks up after a while
(and typically during a lengthy download through the cable modem)!

Solution -- You may need to add a short delay in the driver to 'slow down' the
SURFboard because your PC might not be able to keep up with the transfer rate
of the SB1000. To do this, it's probably best to download Franco's
sb1000-1.1.2.tar.gz archive and build and install sb1000.o manually.  You'll
want to edit the 'Makefile' and look for the 'SB1000_DELAY'
define.  Uncomment those 'CFLAGS' lines (and comment out the default ones)
and try setting the delay to something like 60 microseconds with:
'-DSB1000_DELAY=60'.  Then do `make' and as root `make install' and try
it out.  If it still doesn't work or you like playing with the driver, you may
try other numbers.  Remember though that the higher the delay, the slower the
driver (which slows down the rest of the PC too when it is actively
used). Thanks to Ed Daiga for this tip!

-----------------------------------------------------------------------------

Credits:  This README came from Franco Venturi's original README file which is
still supplied with his driver .tar.gz archive.  I and all other sb1000 users
owe Franco a tremendous "Thank you!"  Additional thanks goes to Carl Patten
and Ralph Bonnell who are now managing the Linux SB1000 web site, and to
the SB1000 users who reported and helped debug the common problems listed
above.


					Clemmitt Sigler
					csigler@vt.edu