linux-next/Documentation/networking
Julian Anastasov 0c12582fbc ipvs: add backup_only flag to avoid loops
Dmitry Akindinov is reporting for a problem where SYNs are looping
between the master and backup server when the backup server is used as
real server in DR mode and has IPVS rules to function as director.

Even when the backup function is enabled we continue to forward
traffic and schedule new connections when the current master is using
the backup server as real server. While this is not a problem for NAT,
for DR and TUN method the backup server can not determine if a request
comes from client or from director.

To avoid such loops add new sysctl flag backup_only. It can be needed
for DR/TUN setups that do not need backup and director function at the
same time. When the backup function is enabled we stop any forwarding
and pass the traffic to the local stack (real server mode). The flag
disables the director function when the backup function is enabled.

For setups that enable backup function for some virtual services and
director function for other virtual services there should be another
more complex solution to support DR/TUN mode, may be to assign
per-virtual service syncid value, so that we can differentiate the
requests.

Reported-by: Dmitry Akindinov <dimak@stalker.com>
Tested-by: German Myzovsky <lawyer@sipnet.ru>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
2013-03-19 21:21:51 +09:00
..
caif Documentation/networking/caif: Update documentation 2012-06-25 16:44:12 -07:00
mac80211_hwsim mac80211_hwsim: Update documentation (AP mode enabled) 2008-11-21 11:08:16 -05:00
timestamping Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2010-03-15 16:23:54 -07:00
.gitignore .gitignore updates 2008-10-30 11:38:45 -07:00
3c505.txt [NET]: Remove references to net-modules.txt. 2007-11-12 21:03:58 -08:00
3c509.txt drivers/net: delete all code/drivers depending on CONFIG_MCA 2012-05-17 16:37:41 -04:00
6pack.txt Update Andreas Koensgen's email address 2009-07-17 10:07:12 -07:00
00-INDEX drivers/net: delete Digital EtherWorks-3 support. 2013-01-22 10:39:55 -05:00
alias.txt net: update documentation ip aliases 2009-01-29 16:16:31 -08:00
arcnet-hardware.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
arcnet.txt Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
atm.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ax25.txt [NET] AX.25 Kconfig and docs updates and fixes 2007-03-25 18:48:02 -07:00
batman-adv.txt batman-adv: Distributed ARP Table - add a new debug log level 2012-11-07 20:00:18 +01:00
baycom.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
bonding.txt bonding: support for IPv6 transmit hashing 2012-08-22 22:49:30 -07:00
bridge.txt bridge: update documentation references 2012-07-19 10:48:07 -07:00
can.txt canfd: update documentation according to CAN FD extensions 2012-06-19 21:40:26 +02:00
cops.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cs89x0.txt networking/cs89x0.txt: delete stale information about hand patching 2013-01-11 16:52:26 -08:00
cxacru-cf.py USB: cxacru: remove cxacru-cf.bin loader 2010-03-02 14:53:01 -08:00
cxacru.txt USB: cxacru: remove cxacru-cf.bin loader 2010-03-02 14:53:01 -08:00
cxgb.txt Fix typos in Documentation/: 'F'-'G' 2006-10-03 22:49:15 +02:00
dccp.txt Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
de4x5.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
decnet.txt Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
dl2k.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
dm9000.txt trivial: Miscellaneous documentation typo fixes 2009-06-12 18:01:47 +02:00
dmfe.txt Documentation: networking: dmfe.txt: Remove the maintainer of orphan networking driver 2011-09-15 14:49:43 -04:00
dns_resolver.txt KEYS: Allow special keyrings to be cleared 2012-01-19 14:38:51 +11:00
driver.txt doc, net: Update ndo_start_xmit return type and values 2012-04-06 02:43:13 -04:00
e100.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
e1000.txt Documentation/networking: Update Intel Wired LAN docs 2010-12-24 21:26:47 -08:00
e1000e.txt Documentation/networking: Update Intel Wired LAN docs 2010-12-24 21:26:47 -08:00
eql.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fib_trie.txt Fix typos in Documentation/: 'F'-'G' 2006-10-03 22:49:15 +02:00
filter.txt sk-filter: Add ability to lock a socket filter program 2013-01-17 03:21:25 -05:00
fore200e.txt drivers/net: delete all code/drivers depending on CONFIG_MCA 2012-05-17 16:37:41 -04:00
framerelay.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
gen_stats.txt Fix typos in Documentation/: 'N'-'P' 2006-10-03 22:52:05 +02:00
generic_netlink.txt Docs/Kconfig: Update: osdl.org -> linuxfoundation.org 2010-11-15 23:50:13 +01:00
generic-hdlc.txt WAN: new synchronous PPP implementation for generic HDLC. 2008-11-22 02:49:48 +01:00
gianfar.txt [PATCH] Gianfar update and sysfs support 2005-11-18 13:31:26 -05:00
ieee802154.txt Documentation/networking/ieee802154: update MAC chapter 2012-05-16 15:17:08 -04:00
ifenslave.c ifenslave: Fix unused variable warnings. 2011-11-26 16:54:17 -05:00
igb.txt igb: Add anti-spoofing feature documentation 2011-04-13 19:15:50 -07:00
igbvf.txt Documentation/networking: Update Intel Wired LAN docs 2010-12-24 21:26:47 -08:00
ip_dynaddr.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip-sysctl.txt tcp: remove Appropriate Byte Count support 2013-02-05 14:51:16 -05:00
ipddp.txt Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
iphase.txt Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
ipv6.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
ipvs-sysctl.txt ipvs: add backup_only flag to avoid loops 2013-03-19 21:21:51 +09:00
irda.txt [PATCH] kernel Doc/ URL corrections 2005-11-22 09:14:30 -08:00
ixgb.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
ixgbe.txt Documentation/networking: Update Intel Wired LAN docs 2010-12-24 21:26:47 -08:00
ixgbevf.txt Documentation/networking/ixgbevf.txt: Update documentation 2010-12-10 22:12:23 -08:00
l2tp.txt ppp: Replace uses of <linux/if_ppp.h> with <linux/ppp-ioctl.h> 2012-03-04 20:41:38 -05:00
lapb-module.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
LICENSE.qla3xxx [PATCH] qla3xxx NIC driver 2006-07-29 00:28:51 -04:00
LICENSE.qlcnic qlcnic: Updating copyright information. 2013-02-04 21:08:48 -05:00
LICENSE.qlge qlge: Updating Schultz LICENSE.qlge file. 2012-02-04 15:59:30 -05:00
ltpc.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
mac80211-auth-assoc-deauth.txt mac80211: set HT channel before association 2012-04-10 14:54:07 -04:00
mac80211-injection.txt mac80211: Update injection documentation 2011-10-11 16:41:16 -04:00
Makefile net: fix ifenslave build flags 2011-02-10 20:05:25 -08:00
multiqueue.txt multiq: Further multiqueue cleanup 2008-09-12 17:57:23 -07:00
netconsole.txt netconsole: add IPv6 example in doc 2013-01-08 17:56:10 -08:00
netdev-features.txt doc/net: Fix typo in netdev-features.txt 2012-11-13 14:37:48 -05:00
netdevices.txt doc, net: Update netdev operation names 2012-04-06 02:43:12 -04:00
netif-msg.txt Fix typos in Documentation/: 'Q'-'R' 2006-10-03 22:54:15 +02:00
nf_conntrack-sysctl.txt netfilter: doc: add nf_conntrack sysctl api documentation 2013-01-21 12:50:06 +01:00
nfc.txt NFC: add Documentation/networking/nfc.txt 2011-07-05 15:26:58 -04:00
openvswitch.txt openvswitch: Fix typo in documentation. 2012-07-20 14:51:07 -07:00
operstates.txt rtnl: expose carrier value with possibility to set it 2012-12-28 15:24:18 -08:00
packet_mmap.txt doc: packet_mmap: update doc to implementation status 2012-11-09 16:45:49 -05:00
phonet.txt Phonet: kill the ST-Ericsson pipe controller Kconfig 2011-03-09 11:59:33 -08:00
phy.txt net: phy: remove flags argument from phy_{attach, connect, connect_direct} 2013-01-14 15:11:50 -05:00
pktgen.txt pktgen: increasing transmission granularity 2010-06-11 18:37:09 -07:00
PLIP.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
policy-routing.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ppp_generic.txt ppp: Move ioctl definitions from if_ppp.h to new ppp-ioctl.h 2012-03-04 20:41:38 -05:00
proc_net_tcp.txt [TCP]: Update the /proc/net/tcp documentation 2007-10-15 12:58:35 -07:00
radiotap-headers.txt [PATCH] cfg80211: Radiotap parser 2007-07-12 16:07:24 -04:00
ray_cs.txt Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
rds.txt RDS: Documentation 2009-02-26 23:39:34 -08:00
README.ipw2100 Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
README.ipw2200 Fix common misspellings 2011-03-31 11:26:23 -03:00
README.sb1000 Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
regulatory.txt wireless: support internal statically compiled regulatory database 2009-12-21 18:56:10 -05:00
rxrpc.txt trivial: fix then -> than typos in comments and documentation 2009-01-06 11:28:06 +01:00
s2io.txt vxge/s2io: remove dead URLs 2012-07-10 23:24:47 -07:00
scaling.txt net: doc: fix many typos in scaling.txt 2011-12-20 14:11:46 -05:00
sctp.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
secid.txt [MLSXFRM]: Add security sid to flowi 2006-09-22 14:53:23 -07:00
skfp.txt tree-wide: Assorted spelling fixes 2010-02-09 11:13:56 +01:00
smc9.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
spider_net.txt spidernet: driver docmentation 2007-07-08 22:16:42 -04:00
stmmac.txt stmmac: update the doc with new IRQ mitigation 2012-11-26 17:22:12 -05:00
tc-actions-env-rules.txt Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp-thin.txt net: TCP thin-stream detection 2010-02-18 15:43:07 -08:00
tcp.txt Documentation: fix tcp.txt 2008-02-17 22:21:04 -08:00
team.txt net: introduce ethernet teaming device 2011-11-13 16:10:10 -05:00
timestamping.txt net: simplify flags for tx timestamping 2010-08-19 00:08:30 -07:00
tlan.txt Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
tproxy.txt netfilter: Add documentation for tproxy 2008-10-08 11:35:12 +02:00
tuntap.txt net: docs: document multiqueue tuntap API 2013-03-06 14:56:10 -05:00
udplite.txt Documentation: update broken web addresses. 2010-08-04 15:21:40 +02:00
vortex.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
vxge.txt vxge/s2io: remove dead URLs 2012-07-10 23:24:47 -07:00
vxlan.txt vxlan: fix command usage in its doc 2012-11-23 14:03:04 -05:00
x25-iface.txt X25: Update X25 interface documentation 2010-04-22 16:12:52 -07:00
x25.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm_proc.txt [XFRM]: Fix statistics. 2008-01-31 19:28:30 -08:00
xfrm_sync.txt [XFRM]: Fix aevent structuring to be more complete. 2006-12-02 22:22:25 -08:00
xfrm_sysctl.txt [IPSEC]: Add xfrm_sysctl.txt. 2007-05-31 01:34:55 -07:00
z8530drv.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00

sb1000 is a module network device driver for the General Instrument (also known
as NextLevel) SURFboard1000 internal cable modem board.  This is an ISA card
which is used by a number of cable TV companies to provide cable modem access.
It's a one-way downstream-only cable modem, meaning that your upstream net link
is provided by your regular phone modem.

This driver was written by Franco Venturi <fventuri@mediaone.net>.  He deserves
a great deal of thanks for this wonderful piece of code!

-----------------------------------------------------------------------------

Support for this device is now a part of the standard Linux kernel.  The
driver source code file is drivers/net/sb1000.c.  In addition to this
you will need:

1.) The "cmconfig" program.  This is a utility which supplements "ifconfig"
to configure the cable modem and network interface (usually called "cm0");
and

2.) Several PPP scripts which live in /etc/ppp to make connecting via your
cable modem easy.

   These utilities can be obtained from:

      http://www.jacksonville.net/~fventuri/

   in Franco's original source code distribution .tar.gz file.  Support for
   the sb1000 driver can be found at:

      http://web.archive.org/web/*/http://home.adelphia.net/~siglercm/sb1000.html
      http://web.archive.org/web/*/http://linuxpower.cx/~cable/

   along with these utilities.

3.) The standard isapnp tools.  These are necessary to configure your SB1000
card at boot time (or afterwards by hand) since it's a PnP card.

   If you don't have these installed as a standard part of your Linux
   distribution, you can find them at:

      http://www.roestock.demon.co.uk/isapnptools/

   or check your Linux distribution binary CD or their web site.  For help with
   isapnp, pnpdump, or /etc/isapnp.conf, go to:

      http://www.roestock.demon.co.uk/isapnptools/isapnpfaq.html

-----------------------------------------------------------------------------

To make the SB1000 card work, follow these steps:

1.) Run `make config', or `make menuconfig', or `make xconfig', whichever
you prefer, in the top kernel tree directory to set up your kernel
configuration.  Make sure to say "Y" to "Prompt for development drivers"
and to say "M" to the sb1000 driver.  Also say "Y" or "M" to all the standard
networking questions to get TCP/IP and PPP networking support.

2.) *BEFORE* you build the kernel, edit drivers/net/sb1000.c.  Make sure
to redefine the value of READ_DATA_PORT to match the I/O address used
by isapnp to access your PnP cards.  This is the value of READPORT in
/etc/isapnp.conf or given by the output of pnpdump.

3.) Build and install the kernel and modules as usual.

4.) Boot your new kernel following the usual procedures.

5.) Set up to configure the new SB1000 PnP card by capturing the output
of "pnpdump" to a file and editing this file to set the correct I/O ports,
IRQ, and DMA settings for all your PnP cards.  Make sure none of the settings
conflict with one another.  Then test this configuration by running the
"isapnp" command with your new config file as the input.  Check for
errors and fix as necessary.  (As an aside, I use I/O ports 0x110 and
0x310 and IRQ 11 for my SB1000 card and these work well for me.  YMMV.)
Then save the finished config file as /etc/isapnp.conf for proper configuration
on subsequent reboots.

6.) Download the original file sb1000-1.1.2.tar.gz from Franco's site or one of
the others referenced above.  As root, unpack it into a temporary directory and
do a `make cmconfig' and then `install -c cmconfig /usr/local/sbin'.  Don't do
`make install' because it expects to find all the utilities built and ready for
installation, not just cmconfig.

7.) As root, copy all the files under the ppp/ subdirectory in Franco's
tar file into /etc/ppp, being careful not to overwrite any files that are
already in there.  Then modify ppp@gi-on to set the correct login name,
phone number, and frequency for the cable modem.  Also edit pap-secrets
to specify your login name and password and any site-specific information
you need.

8.) Be sure to modify /etc/ppp/firewall to use ipchains instead of
the older ipfwadm commands from the 2.0.x kernels.  There's a neat utility to
convert ipfwadm commands to ipchains commands:

   http://users.dhp.com/~whisper/ipfwadm2ipchains/

You may also wish to modify the firewall script to implement a different
firewalling scheme.

9.) Start the PPP connection via the script /etc/ppp/ppp@gi-on.  You must be
root to do this.  It's better to use a utility like sudo to execute
frequently used commands like this with root permissions if possible.  If you
connect successfully the cable modem interface will come up and you'll see a
driver message like this at the console:

         cm0: sb1000 at (0x110,0x310), csn 1, S/N 0x2a0d16d8, IRQ 11.
         sb1000.c:v1.1.2 6/01/98 (fventuri@mediaone.net)

The "ifconfig" command should show two new interfaces, ppp0 and cm0.
The command "cmconfig cm0" will give you information about the cable modem
interface.

10.) Try pinging a site via `ping -c 5 www.yahoo.com', for example.  You should
see packets received.

11.) If you can't get site names (like www.yahoo.com) to resolve into
IP addresses (like 204.71.200.67), be sure your /etc/resolv.conf file
has no syntax errors and has the right nameserver IP addresses in it.
If this doesn't help, try something like `ping -c 5 204.71.200.67' to
see if the networking is running but the DNS resolution is where the
problem lies.

12.) If you still have problems, go to the support web sites mentioned above
and read the information and documentation there.

-----------------------------------------------------------------------------

Common problems:

1.) Packets go out on the ppp0 interface but don't come back on the cm0
interface.  It looks like I'm connected but I can't even ping any
numerical IP addresses.  (This happens predominantly on Debian systems due
to a default boot-time configuration script.)

Solution -- As root `echo 0 > /proc/sys/net/ipv4/conf/cm0/rp_filter' so it
can share the same IP address as the ppp0 interface.  Note that this
command should probably be added to the /etc/ppp/cablemodem script
*right*between* the "/sbin/ifconfig" and "/sbin/cmconfig" commands.
You may need to do this to /proc/sys/net/ipv4/conf/ppp0/rp_filter as well.
If you do this to /proc/sys/net/ipv4/conf/default/rp_filter on each reboot
(in rc.local or some such) then any interfaces can share the same IP
addresses.

2.) I get "unresolved symbol" error messages on executing `insmod sb1000.o'.

Solution -- You probably have a non-matching kernel source tree and
/usr/include/linux and /usr/include/asm header files.  Make sure you
install the correct versions of the header files in these two directories.
Then rebuild and reinstall the kernel.

3.) When isapnp runs it reports an error, and my SB1000 card isn't working.

Solution -- There's a problem with later versions of isapnp using the "(CHECK)"
option in the lines that allocate the two I/O addresses for the SB1000 card.
This first popped up on RH 6.0.  Delete "(CHECK)" for the SB1000 I/O addresses.
Make sure they don't conflict with any other pieces of hardware first!  Then
rerun isapnp and go from there.

4.) I can't execute the /etc/ppp/ppp@gi-on file.

Solution -- As root do `chmod ug+x /etc/ppp/ppp@gi-on'.

5.) The firewall script isn't working (with 2.2.x and higher kernels).

Solution -- Use the ipfwadm2ipchains script referenced above to convert the
/etc/ppp/firewall script from the deprecated ipfwadm commands to ipchains.

6.) I'm getting *tons* of firewall deny messages in the /var/kern.log,
/var/messages, and/or /var/syslog files, and they're filling up my /var
partition!!!

Solution -- First, tell your ISP that you're receiving DoS (Denial of Service)
and/or portscanning (UDP connection attempts) attacks!  Look over the deny
messages to figure out what the attack is and where it's coming from.  Next,
edit /etc/ppp/cablemodem and make sure the ",nobroadcast" option is turned on
to the "cmconfig" command (uncomment that line).  If you're not receiving these
denied packets on your broadcast interface (IP address xxx.yyy.zzz.255
typically), then someone is attacking your machine in particular.  Be careful
out there....

7.) Everything seems to work fine but my computer locks up after a while
(and typically during a lengthy download through the cable modem)!

Solution -- You may need to add a short delay in the driver to 'slow down' the
SURFboard because your PC might not be able to keep up with the transfer rate
of the SB1000. To do this, it's probably best to download Franco's
sb1000-1.1.2.tar.gz archive and build and install sb1000.o manually.  You'll
want to edit the 'Makefile' and look for the 'SB1000_DELAY'
define.  Uncomment those 'CFLAGS' lines (and comment out the default ones)
and try setting the delay to something like 60 microseconds with:
'-DSB1000_DELAY=60'.  Then do `make' and as root `make install' and try
it out.  If it still doesn't work or you like playing with the driver, you may
try other numbers.  Remember though that the higher the delay, the slower the
driver (which slows down the rest of the PC too when it is actively
used). Thanks to Ed Daiga for this tip!

-----------------------------------------------------------------------------

Credits:  This README came from Franco Venturi's original README file which is
still supplied with his driver .tar.gz archive.  I and all other sb1000 users
owe Franco a tremendous "Thank you!"  Additional thanks goes to Carl Patten
and Ralph Bonnell who are now managing the Linux SB1000 web site, and to
the SB1000 users who reported and helped debug the common problems listed
above.


					Clemmitt Sigler
					csigler@vt.edu