Cannot add UDP or ICMP in Pool4 (Jool 4.0.0)

[rfloriot]

Hello,

I am trying Jool to experiment IPv6 only network at university. It works well when I don't specify any pool4 (when the NAT64 uses its own IPv4 when converting IPv6 packet into an IPv4 packet). But when I configure a pool of IPv4, it only works for TCP. The command "jool -i instance pool4 display" does not show any UDP/ICMP entry altough I have added such with a command like this one: "sudo jool -i instance pool4 add --udp Y.Y.Y.Y 10000-14000"

Here is my setup:

• Ubuntu 18.04 4.15.0-45-generic with a single network interface.

• An IPv4 (public, /28). Let's say X.X.X.X here

• A pool /24 public ready to be used by the NAT. Here let's say this is Y.Y.Y.0/24

• An IPv6 (public, /64). Let's say Z::1 here

• Jool installed in version 4.0.0 ( sha1 de72f5f5a15a7218dc7cd566b108f8f2323b3a3a )

• The routing is correctly done so that 64:ff9b::/96 is coming to this NAT64 server.

• Also this server has a correct default route so that it is able to transmit a packet from this /24 Pool (the pool does not belong to its own network range).

The command I run are the following:

$ sudo /sbin/modprobe jool $ sudo jool instance add UCL --iptables --pool6 64:ff9b::/96 $ sudo jool -i UCL pool4 add --tcp Y.Y.Y.1 10000-14000 $ sudo jool -i UCL pool4 add --udp Y.Y.Y.1 10000-14000 $ sudo jool -i UCL pool4 add --icmp Y.Y.Y.1 10000-14000

$ sudo ip6tables -t mangle -A PREROUTING --destination 64:ff9b::/96 -j JOOL --instance UCL $ sudo iptables -t mangle -A PREROUTING --destination Y.Y.Y.1 -p tcp --dport 10000:14000 -j JOOL --instance UCL $ sudo iptables -t mangle -A PREROUTING --destination Y.Y.Y.1 -p udp --dport 10000:14000 -j JOOL --instance UCL $ sudo iptables -t mangle -A PREROUTING --destination Y.Y.Y.1 -p icmp -j JOOL --instance UCL

After this setup, It works only for TCP packets. The content of the Pool 4 table is the following:

$ sudo jool -i UCL pool4 display +------------+-------+--------------------+-----------------+-------------+ | Mark | Proto | Max iterations | Address | Ports | +------------+-------+--------------------+-----------------+-------------+ | 0 | TCP | 1024 ( auto) | Y.Y.Y.1 | 10000-14000 | +------------+-------+--------------------+-----------------+-------------+

So there is no UDP/ICMP protocol displayed. Note that: I can add another TCP pool, it will work and be shown in this table. Also playing with ports and address used (ex a different address for UDP than the one for TCP) does not solve the issue.

Also the debbuging does not show anything special, here is what it gives for this test:

Feb 5 16:30:01 kernel: [ 195.941973] NAT64 Jool: Registering Generic Netlink family... Feb 5 16:30:01 kernel: [ 195.941991] NAT64 Jool: NAT64 Jool v4.0.0.0 module inserted. Feb 5 16:30:15 kernel: [ 209.883783] NAT64 Jool: =============================================== Feb 5 16:30:15 kernel: [ 209.883785] NAT64 Jool: Received a request from userspace. Feb 5 16:30:15 kernel: [ 209.883786] NAT64 Jool: Adding Jool instance. Feb 5 16:30:15 kernel: [ 209.883792] NAT64 Jool: Created instance 'UCL'. Feb 5 16:30:22 kernel: [ 216.827595] NAT64 Jool: =============================================== Feb 5 16:30:22 kernel: [ 216.827597] NAT64 Jool: Received a request from userspace. Feb 5 16:30:22 kernel: [ 216.827600] NAT64 Jool: Adding elements to pool4. Feb 5 16:30:27 kernel: [ 222.802957] NAT64 Jool: =============================================== Feb 5 16:30:27 kernel: [ 222.802958] NAT64 Jool: Received a request from userspace. Feb 5 16:30:27 kernel: [ 222.802960] NAT64 Jool: Adding elements to pool4. Feb 5 16:30:51 kernel: [ 246.507632] NAT64 Jool: =============================================== Feb 5 16:31:12 kernel: [ 267.372375] NAT64 Jool: Received a request from userspace. Feb 5 16:31:12 kernel: [ 267.372378] NAT64 Jool: Adding elements to pool4. Feb 5 16:31:19 kernel: [ 273.915650] NAT64 Jool: =============================================== Feb 5 16:31:19 kernel: [ 273.915651] NAT64 Jool: Received a request from userspace. Feb 5 16:31:19 kernel: [ 273.915654] NAT64 Jool: Sending pool4 to userspace. Feb 5 16:31:30 kernel: [ 285.116408] NAT64 Jool:

Thank you for your help, I am availble for any question regarding my setup/experiment.

Have a nice day,

Rémi Floriot Université Catholique de Louvain Belgium

[ydahhrk]

You need to print the tables separately now.

sudo jool -i UCL pool4 display # TCP by default
sudo jool -i UCL pool4 display --udp
sudo jool -i UCL pool4 display --icmp

Sorry about the inconveniences. The reason why you need to print them separately now is to mirror the fact that you also need to add them separately now. The reason why you need to add them separately now is to guarantee the atomicity of each pool4 add.

(The problem was that adding all three entries with a single pool4 add command was that they were each a separate request to kernelspace. In other words, the Jool client would first request the creation of the TCP entry, then the UDP entry, and then the ICMP entry. If eg. the ICMP entry failed for some reason, the TCP and UDP entry would manage to be committed into the database, even though the ICMP entry would not, and the command would report overall failure.)

[ydahhrk]

TBH, "to mirror the fact that you also need to add them separately now" is a weak argument, and it looks like it's a little confusing, so if there's interest in printing all entries on pool4 display by default, it could be done.

[ydahhrk]

... Huh. I can see why you were confused. The documentation is wrong. I'll patch it now.

[rfloriot]

Thank you very much, I close this issue. (But i will open another one for a crash inside a VM ^^)