linux-hardened/Documentation/networking
David Howells 651350d10f [AF_RXRPC]: Add an interface to the AF_RXRPC module for the AFS filesystem to use
Add an interface to the AF_RXRPC module so that the AFS filesystem module can
more easily make use of the services available.  AFS still opens a socket but
then uses the action functions in lieu of sendmsg() and registers an intercept
functions to grab messages before they're queued on the socket Rx queue.

This permits AFS (or whatever) to:

 (1) Avoid the overhead of using the recvmsg() call.

 (2) Use different keys directly on individual client calls on one socket
     rather than having to open a whole slew of sockets, one for each key it
     might want to use.

 (3) Avoid calling request_key() at the point of issue of a call or opening of
     a socket.  This is done instead by AFS at the point of open(), unlink() or
     other VFS operation and the key handed through.

 (4) Request the use of something other than GFP_KERNEL to allocate memory.

Furthermore:

 (*) The socket buffer markings used by RxRPC are made available for AFS so
     that it can interpret the cooked RxRPC messages itself.

 (*) rxgen (un)marshalling abort codes are made available.


The following documentation for the kernel interface is added to
Documentation/networking/rxrpc.txt:

=========================
AF_RXRPC KERNEL INTERFACE
=========================

The AF_RXRPC module also provides an interface for use by in-kernel utilities
such as the AFS filesystem.  This permits such a utility to:

 (1) Use different keys directly on individual client calls on one socket
     rather than having to open a whole slew of sockets, one for each key it
     might want to use.

 (2) Avoid having RxRPC call request_key() at the point of issue of a call or
     opening of a socket.  Instead the utility is responsible for requesting a
     key at the appropriate point.  AFS, for instance, would do this during VFS
     operations such as open() or unlink().  The key is then handed through
     when the call is initiated.

 (3) Request the use of something other than GFP_KERNEL to allocate memory.

 (4) Avoid the overhead of using the recvmsg() call.  RxRPC messages can be
     intercepted before they get put into the socket Rx queue and the socket
     buffers manipulated directly.

To use the RxRPC facility, a kernel utility must still open an AF_RXRPC socket,
bind an addess as appropriate and listen if it's to be a server socket, but
then it passes this to the kernel interface functions.

The kernel interface functions are as follows:

 (*) Begin a new client call.

	struct rxrpc_call *
	rxrpc_kernel_begin_call(struct socket *sock,
				struct sockaddr_rxrpc *srx,
				struct key *key,
				unsigned long user_call_ID,
				gfp_t gfp);

     This allocates the infrastructure to make a new RxRPC call and assigns
     call and connection numbers.  The call will be made on the UDP port that
     the socket is bound to.  The call will go to the destination address of a
     connected client socket unless an alternative is supplied (srx is
     non-NULL).

     If a key is supplied then this will be used to secure the call instead of
     the key bound to the socket with the RXRPC_SECURITY_KEY sockopt.  Calls
     secured in this way will still share connections if at all possible.

     The user_call_ID is equivalent to that supplied to sendmsg() in the
     control data buffer.  It is entirely feasible to use this to point to a
     kernel data structure.

     If this function is successful, an opaque reference to the RxRPC call is
     returned.  The caller now holds a reference on this and it must be
     properly ended.

 (*) End a client call.

	void rxrpc_kernel_end_call(struct rxrpc_call *call);

     This is used to end a previously begun call.  The user_call_ID is expunged
     from AF_RXRPC's knowledge and will not be seen again in association with
     the specified call.

 (*) Send data through a call.

	int rxrpc_kernel_send_data(struct rxrpc_call *call, struct msghdr *msg,
				   size_t len);

     This is used to supply either the request part of a client call or the
     reply part of a server call.  msg.msg_iovlen and msg.msg_iov specify the
     data buffers to be used.  msg_iov may not be NULL and must point
     exclusively to in-kernel virtual addresses.  msg.msg_flags may be given
     MSG_MORE if there will be subsequent data sends for this call.

     The msg must not specify a destination address, control data or any flags
     other than MSG_MORE.  len is the total amount of data to transmit.

 (*) Abort a call.

	void rxrpc_kernel_abort_call(struct rxrpc_call *call, u32 abort_code);

     This is used to abort a call if it's still in an abortable state.  The
     abort code specified will be placed in the ABORT message sent.

 (*) Intercept received RxRPC messages.

	typedef void (*rxrpc_interceptor_t)(struct sock *sk,
					    unsigned long user_call_ID,
					    struct sk_buff *skb);

	void
	rxrpc_kernel_intercept_rx_messages(struct socket *sock,
					   rxrpc_interceptor_t interceptor);

     This installs an interceptor function on the specified AF_RXRPC socket.
     All messages that would otherwise wind up in the socket's Rx queue are
     then diverted to this function.  Note that care must be taken to process
     the messages in the right order to maintain DATA message sequentiality.

     The interceptor function itself is provided with the address of the socket
     and handling the incoming message, the ID assigned by the kernel utility
     to the call and the socket buffer containing the message.

     The skb->mark field indicates the type of message:

	MARK				MEANING
	===============================	=======================================
	RXRPC_SKB_MARK_DATA		Data message
	RXRPC_SKB_MARK_FINAL_ACK	Final ACK received for an incoming call
	RXRPC_SKB_MARK_BUSY		Client call rejected as server busy
	RXRPC_SKB_MARK_REMOTE_ABORT	Call aborted by peer
	RXRPC_SKB_MARK_NET_ERROR	Network error detected
	RXRPC_SKB_MARK_LOCAL_ERROR	Local error encountered
	RXRPC_SKB_MARK_NEW_CALL		New incoming call awaiting acceptance

     The remote abort message can be probed with rxrpc_kernel_get_abort_code().
     The two error messages can be probed with rxrpc_kernel_get_error_number().
     A new call can be accepted with rxrpc_kernel_accept_call().

     Data messages can have their contents extracted with the usual bunch of
     socket buffer manipulation functions.  A data message can be determined to
     be the last one in a sequence with rxrpc_kernel_is_data_last().  When a
     data message has been used up, rxrpc_kernel_data_delivered() should be
     called on it..

     Non-data messages should be handled to rxrpc_kernel_free_skb() to dispose
     of.  It is possible to get extra refs on all types of message for later
     freeing, but this may pin the state of a call until the message is finally
     freed.

 (*) Accept an incoming call.

	struct rxrpc_call *
	rxrpc_kernel_accept_call(struct socket *sock,
				 unsigned long user_call_ID);

     This is used to accept an incoming call and to assign it a call ID.  This
     function is similar to rxrpc_kernel_begin_call() and calls accepted must
     be ended in the same way.

     If this function is successful, an opaque reference to the RxRPC call is
     returned.  The caller now holds a reference on this and it must be
     properly ended.

 (*) Reject an incoming call.

	int rxrpc_kernel_reject_call(struct socket *sock);

     This is used to reject the first incoming call on the socket's queue with
     a BUSY message.  -ENODATA is returned if there were no incoming calls.
     Other errors may be returned if the call had been aborted (-ECONNABORTED)
     or had timed out (-ETIME).

 (*) Record the delivery of a data message and free it.

	void rxrpc_kernel_data_delivered(struct sk_buff *skb);

     This is used to record a data message as having been delivered and to
     update the ACK state for the call.  The socket buffer will be freed.

 (*) Free a message.

	void rxrpc_kernel_free_skb(struct sk_buff *skb);

     This is used to free a non-DATA socket buffer intercepted from an AF_RXRPC
     socket.

 (*) Determine if a data message is the last one on a call.

	bool rxrpc_kernel_is_data_last(struct sk_buff *skb);

     This is used to determine if a socket buffer holds the last data message
     to be received for a call (true will be returned if it does, false
     if not).

     The data message will be part of the reply on a client call and the
     request on an incoming call.  In the latter case there will be more
     messages, but in the former case there will not.

 (*) Get the abort code from an abort message.

	u32 rxrpc_kernel_get_abort_code(struct sk_buff *skb);

     This is used to extract the abort code from a remote abort message.

 (*) Get the error number from a local or network error message.

	int rxrpc_kernel_get_error_number(struct sk_buff *skb);

     This is used to extract the error number from a message indicating either
     a local error occurred or a network error occurred.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-26 15:50:17 -07:00
..
00-INDEX [NETLIK]: Add a pointer to the Generic Netlink wiki page. 2006-12-06 18:39:10 -08:00
3c359.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
3c505.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
3c509.txt Fix some typos in Documentation/: 'A' 2006-10-03 22:45:33 +02:00
6pack.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
alias.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
arcnet-hardware.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
arcnet.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
atm.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ax25.txt [NET] AX.25 Kconfig and docs updates and fixes 2007-03-25 18:48:02 -07:00
baycom.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
bcm43xx.txt [PATCH] bcm43xx: update README 2006-03-27 11:18:34 -05:00
bonding.txt [NET]: bonding documentation fix for multiple bonding interfaces 2007-04-26 01:40:13 -07:00
bridge.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
comx.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Configurable Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cops.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cs89x0.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
cxgb.txt Fix typos in Documentation/: 'F'-'G' 2006-10-03 22:49:15 +02:00
dccp.txt [CCID3]: Add documentation for socket options 2007-04-25 22:26:55 -07:00
de4x5.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
decnet.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
depca.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
dgrs.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
dl2k.txt Fix typos in Documentation/: 'B'-'C' 2006-10-03 22:46:31 +02:00
DLINK.txt [PATCH] update Ross Biro bouncing email address 2005-05-05 16:36:49 -07:00
dmfe.txt Fix some typos in Documentation/: 'A' 2006-10-03 22:45:33 +02:00
driver.txt Fix typos in Documentation/: 'Q'-'R' 2006-10-03 22:54:15 +02:00
e100.txt e100: update e100.txt 2006-03-14 15:51:07 -08:00
e1000.txt e1000: update README for e1000 2006-12-02 00:12:01 -05:00
eql.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ewrk3.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fib_trie.txt Fix typos in Documentation/: 'F'-'G' 2006-10-03 22:49:15 +02:00
filter.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fore200e.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
framerelay.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
gen_stats.txt Fix typos in Documentation/: 'N'-'P' 2006-10-03 22:52:05 +02:00
generic-hdlc.txt [PATCH] Generic HDLC update 2005-05-15 22:24:12 -04:00
generic_netlink.txt [NETLIK]: Add a pointer to the Generic Netlink wiki page. 2006-12-06 18:39:10 -08:00
gianfar.txt [PATCH] Gianfar update and sysfs support 2005-11-18 13:31:26 -05:00
ifenslave.c [PATCH] Typo fixes 2006-03-28 09:16:08 -08:00
ip-sysctl.txt [NETFILTER]: bridge-nf: filter bridged IPv4/IPv6 encapsulated in pppoe traffic 2007-04-25 22:28:57 -07:00
ip_dynaddr.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipddp.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
iphase.txt Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
ipvs-sysctl.txt [IPVS]: Add sysctl documentation 2006-07-03 19:35:40 -07:00
irda.txt [PATCH] kernel Doc/ URL corrections 2005-11-22 09:14:30 -08:00
ixgb.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
lapb-module.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
LICENSE.qla3xxx [PATCH] qla3xxx NIC driver 2006-07-29 00:28:51 -04:00
ltpc.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
multicast.txt [PATCH] remove two obsolete net drivers 2005-05-12 22:27:35 -04:00
NAPI_HOWTO.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
ncsa-telnet Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
net-modules.txt [PATCH] remove two obsolete net drivers 2005-05-12 22:27:35 -04:00
netconsole.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
netdevices.txt [NET]: Add netif_tx_lock 2006-06-17 21:30:14 -07:00
netif-msg.txt Fix typos in Documentation/: 'Q'-'R' 2006-10-03 22:54:15 +02:00
olympic.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
operstates.txt Fix some typos in Documentation/: 'A' 2006-10-03 22:45:33 +02:00
packet_mmap.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
phy.txt [PATCH] PHY: Add support for configuring the PHY connection interface 2006-12-02 00:33:11 -05:00
pktgen.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
PLIP.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
policy-routing.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ppp_generic.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
proc_net_tcp.txt Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
pt.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ray_cs.txt [PATCH] Remove MODULE_PARM 2006-03-25 08:22:52 -08:00
README.ipw2100 [PATCH] ipw2x00: expend Copyright to 2006 2006-03-17 16:14:47 -05:00
README.ipw2200 [PATCH] ipw2200: update version stamp to 1.1.2 2006-04-24 16:15:56 -04:00
README.sb1000 Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
routing.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
rxrpc.txt [AF_RXRPC]: Add an interface to the AF_RXRPC module for the AFS filesystem to use 2007-04-26 15:50:17 -07:00
s2io.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
sctp.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
secid.txt [MLSXFRM]: Add security sid to flowi 2006-09-22 14:53:23 -07:00
shaper.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sk98lin.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
skfp.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
slicecom.hun Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
slicecom.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
smc9.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
smctr.txt Fix typos in Documentation/: 'S' 2006-10-03 22:55:17 +02:00
tcp.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
tlan.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
tms380tr.txt Fix typos in Documentation/: 'S' 2006-10-03 22:55:17 +02:00
tuntap.txt [NET]: Require CAP_NET_ADMIN to create tuntap devices. 2006-06-23 02:07:44 -07:00
udplite.txt [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00
vortex.txt Fix typos in Documentation/: 'N'-'P' 2006-10-03 22:52:05 +02:00
wan-router.txt [NET]: Delete unused header file linux/if_wanpipe_common.h 2007-04-26 00:59:27 -07:00
wavelan.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
x25-iface.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
x25.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm_sync.txt [XFRM]: Fix aevent structuring to be more complete. 2006-12-02 22:22:25 -08:00
z8530drv.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00

sb1000 is a module network device driver for the General Instrument (also known
as NextLevel) SURFboard1000 internal cable modem board.  This is an ISA card
which is used by a number of cable TV companies to provide cable modem access.
It's a one-way downstream-only cable modem, meaning that your upstream net link
is provided by your regular phone modem.

This driver was written by Franco Venturi <fventuri@mediaone.net>.  He deserves
a great deal of thanks for this wonderful piece of code!

-----------------------------------------------------------------------------

Support for this device is now a part of the standard Linux kernel.  The
driver source code file is drivers/net/sb1000.c.  In addition to this
you will need:

1.) The "cmconfig" program.  This is a utility which supplements "ifconfig"
to configure the cable modem and network interface (usually called "cm0");
and

2.) Several PPP scripts which live in /etc/ppp to make connecting via your
cable modem easy.

   These utilities can be obtained from:

      http://www.jacksonville.net/~fventuri/

   in Franco's original source code distribution .tar.gz file.  Support for
   the sb1000 driver can be found at:

      http://home.adelphia.net/~siglercm/sb1000.html
      http://linuxpower.cx/~cable/

   along with these utilities.

3.) The standard isapnp tools.  These are necessary to configure your SB1000
card at boot time (or afterwards by hand) since it's a PnP card.

   If you don't have these installed as a standard part of your Linux
   distribution, you can find them at:

      http://www.roestock.demon.co.uk/isapnptools/

   or check your Linux distribution binary CD or their web site.  For help with
   isapnp, pnpdump, or /etc/isapnp.conf, go to:

      http://www.roestock.demon.co.uk/isapnptools/isapnpfaq.html

-----------------------------------------------------------------------------

To make the SB1000 card work, follow these steps:

1.) Run `make config', or `make menuconfig', or `make xconfig', whichever
you prefer, in the top kernel tree directory to set up your kernel
configuration.  Make sure to say "Y" to "Prompt for development drivers"
and to say "M" to the sb1000 driver.  Also say "Y" or "M" to all the standard
networking questions to get TCP/IP and PPP networking support.

2.) *BEFORE* you build the kernel, edit drivers/net/sb1000.c.  Make sure
to redefine the value of READ_DATA_PORT to match the I/O address used
by isapnp to access your PnP cards.  This is the value of READPORT in
/etc/isapnp.conf or given by the output of pnpdump.

3.) Build and install the kernel and modules as usual.

4.) Boot your new kernel following the usual procedures.

5.) Set up to configure the new SB1000 PnP card by capturing the output
of "pnpdump" to a file and editing this file to set the correct I/O ports,
IRQ, and DMA settings for all your PnP cards.  Make sure none of the settings
conflict with one another.  Then test this configuration by running the
"isapnp" command with your new config file as the input.  Check for
errors and fix as necessary.  (As an aside, I use I/O ports 0x110 and
0x310 and IRQ 11 for my SB1000 card and these work well for me.  YMMV.)
Then save the finished config file as /etc/isapnp.conf for proper configuration
on subsequent reboots.

6.) Download the original file sb1000-1.1.2.tar.gz from Franco's site or one of
the others referenced above.  As root, unpack it into a temporary directory and
do a `make cmconfig' and then `install -c cmconfig /usr/local/sbin'.  Don't do
`make install' because it expects to find all the utilities built and ready for
installation, not just cmconfig.

7.) As root, copy all the files under the ppp/ subdirectory in Franco's
tar file into /etc/ppp, being careful not to overwrite any files that are
already in there.  Then modify ppp@gi-on to set the correct login name,
phone number, and frequency for the cable modem.  Also edit pap-secrets
to specify your login name and password and any site-specific information
you need.

8.) Be sure to modify /etc/ppp/firewall to use ipchains instead of
the older ipfwadm commands from the 2.0.x kernels.  There's a neat utility to
convert ipfwadm commands to ipchains commands:

   http://users.dhp.com/~whisper/ipfwadm2ipchains/

You may also wish to modify the firewall script to implement a different
firewalling scheme.

9.) Start the PPP connection via the script /etc/ppp/ppp@gi-on.  You must be
root to do this.  It's better to use a utility like sudo to execute
frequently used commands like this with root permissions if possible.  If you
connect successfully the cable modem interface will come up and you'll see a
driver message like this at the console:

         cm0: sb1000 at (0x110,0x310), csn 1, S/N 0x2a0d16d8, IRQ 11.
         sb1000.c:v1.1.2 6/01/98 (fventuri@mediaone.net)

The "ifconfig" command should show two new interfaces, ppp0 and cm0.
The command "cmconfig cm0" will give you information about the cable modem
interface.

10.) Try pinging a site via `ping -c 5 www.yahoo.com', for example.  You should
see packets received.

11.) If you can't get site names (like www.yahoo.com) to resolve into
IP addresses (like 204.71.200.67), be sure your /etc/resolv.conf file
has no syntax errors and has the right nameserver IP addresses in it.
If this doesn't help, try something like `ping -c 5 204.71.200.67' to
see if the networking is running but the DNS resolution is where the
problem lies.

12.) If you still have problems, go to the support web sites mentioned above
and read the information and documentation there.

-----------------------------------------------------------------------------

Common problems:

1.) Packets go out on the ppp0 interface but don't come back on the cm0
interface.  It looks like I'm connected but I can't even ping any
numerical IP addresses.  (This happens predominantly on Debian systems due
to a default boot-time configuration script.)

Solution -- As root `echo 0 > /proc/sys/net/ipv4/conf/cm0/rp_filter' so it
can share the same IP address as the ppp0 interface.  Note that this
command should probably be added to the /etc/ppp/cablemodem script
*right*between* the "/sbin/ifconfig" and "/sbin/cmconfig" commands.
You may need to do this to /proc/sys/net/ipv4/conf/ppp0/rp_filter as well.
If you do this to /proc/sys/net/ipv4/conf/default/rp_filter on each reboot
(in rc.local or some such) then any interfaces can share the same IP
addresses.

2.) I get "unresolved symbol" error messages on executing `insmod sb1000.o'.

Solution -- You probably have a non-matching kernel source tree and
/usr/include/linux and /usr/include/asm header files.  Make sure you
install the correct versions of the header files in these two directories.
Then rebuild and reinstall the kernel.

3.) When isapnp runs it reports an error, and my SB1000 card isn't working.

Solution -- There's a problem with later versions of isapnp using the "(CHECK)"
option in the lines that allocate the two I/O addresses for the SB1000 card.
This first popped up on RH 6.0.  Delete "(CHECK)" for the SB1000 I/O addresses.
Make sure they don't conflict with any other pieces of hardware first!  Then
rerun isapnp and go from there.

4.) I can't execute the /etc/ppp/ppp@gi-on file.

Solution -- As root do `chmod ug+x /etc/ppp/ppp@gi-on'.

5.) The firewall script isn't working (with 2.2.x and higher kernels).

Solution -- Use the ipfwadm2ipchains script referenced above to convert the
/etc/ppp/firewall script from the deprecated ipfwadm commands to ipchains.

6.) I'm getting *tons* of firewall deny messages in the /var/kern.log,
/var/messages, and/or /var/syslog files, and they're filling up my /var
partition!!!

Solution -- First, tell your ISP that you're receiving DoS (Denial of Service)
and/or portscanning (UDP connection attempts) attacks!  Look over the deny
messages to figure out what the attack is and where it's coming from.  Next,
edit /etc/ppp/cablemodem and make sure the ",nobroadcast" option is turned on
to the "cmconfig" command (uncomment that line).  If you're not receiving these
denied packets on your broadcast interface (IP address xxx.yyy.zzz.255
typically), then someone is attacking your machine in particular.  Be careful
out there....

7.) Everything seems to work fine but my computer locks up after a while
(and typically during a lengthy download through the cable modem)!

Solution -- You may need to add a short delay in the driver to 'slow down' the
SURFboard because your PC might not be able to keep up with the transfer rate
of the SB1000. To do this, it's probably best to download Franco's
sb1000-1.1.2.tar.gz archive and build and install sb1000.o manually.  You'll
want to edit the 'Makefile' and look for the 'SB1000_DELAY'
define.  Uncomment those 'CFLAGS' lines (and comment out the default ones)
and try setting the delay to something like 60 microseconds with:
'-DSB1000_DELAY=60'.  Then do `make' and as root `make install' and try
it out.  If it still doesn't work or you like playing with the driver, you may
try other numbers.  Remember though that the higher the delay, the slower the
driver (which slows down the rest of the PC too when it is actively
used). Thanks to Ed Daiga for this tip!

-----------------------------------------------------------------------------

Credits:  This README came from Franco Venturi's original README file which is
still supplied with his driver .tar.gz archive.  I and all other sb1000 users
owe Franco a tremendous "Thank you!"  Additional thanks goes to Carl Patten
and Ralph Bonnell who are now managing the Linux SB1000 web site, and to
the SB1000 users who reported and helped debug the common problems listed
above.


					Clemmitt Sigler
					csigler@vt.edu