NICMx / Jool

SIIT and NAT64 for Linux
GNU General Public License v2.0

Jool stateful NAT64 does not work with net.core.default_qdisc=fq #420

Open mstraubAC opened 10 months ago

mstraubAC commented 10 months ago

Observed behaviour

If system boots with net.core.default_qdisc=fq_codel, everything works. Also changing to net.core.default_qdisc=fq after bootup is no problem.

If the Linux kernel is configured to use fair queueing (fq) during bootup, jool runs into an error when sending packets.

[   86.617685] Jool NAT64/8e68ca40/s5b: ===============================================
[   86.617695] Jool NAT64/8e68ca40/s5b: Packet: 2a13:fc80:e000:1000:f43f:cff:fe95:a673->64:ff9b::808:808
[   86.617700] Jool NAT64/8e68ca40/s5b: ICMPv6 type:128 code:0 id:46303
[   86.617703] Jool NAT64/8e68ca40/s5b: Step 1: Determining the Incoming Tuple
[   86.617705] Jool NAT64/8e68ca40/s5b: Tuple: 2a13:fc80:e000:1000:f43f:cff:fe95:a673#46303 -> 64:ff9b::808:808#46303 (ICMP)
[   86.617709] Jool NAT64/8e68ca40/s5b: Done step 1.
[   86.617711] Jool NAT64/8e68ca40/s5b: Step 2: Filtering and Updating
[   86.617717] Jool NAT64/8e68ca40/s5b: Routing: 0.0.0.0->8.8.8.8
[   86.617723] Jool NAT64/8e68ca40/s5b: Packet routed via device 'ipv4uplink'.
[   86.617727] Jool NAT64/8e68ca40/s5b: BIB entry: 2a13:fc80:e000:1000:f43f:cff:fe95:a673#46303 - 100.64.0.3#63610 (ICMP)
[   86.617730] Jool NAT64/8e68ca40/s5b: Session entry: 2a13:fc80:e000:1000:f43f:cff:fe95:a673#46303 - 64:ff9b::808:808#46303 | 100.64.0.3#63610 - 8.8.8.8#63610 (ICMP)
[   86.617734] Jool NAT64/8e68ca40/s5b: Done: Step 2.
[   86.617736] Jool NAT64/8e68ca40/s5b: Step 3: Computing the Outgoing Tuple
[   86.617738] Jool NAT64/8e68ca40/s5b: Tuple: 100.64.0.3#63610 -> 8.8.8.8#63610 (ICMP)
[   86.617741] Jool NAT64/8e68ca40/s5b: Done step 3.
[   86.617743] Jool NAT64/8e68ca40/s5b: Step 4: Translating the Packet
[   86.617749] Jool NAT64/8e68ca40/s5b: Done step 4.
[   86.617752] Jool NAT64/8e68ca40/s5b: Sending packet.
[   86.617758] Jool NAT64/8e68ca40/s5b: dst_output() returned errcode 1.

Expected behaviour

Jool works fine with fair queueing enabled during boot up, i.e. applying /etc/sysctl.conf.

Setup

How to reproduce

  1. Set up a fresh Debian Bookworm system
  2. Install jool from Debian repositories
  3. Add line net.core.default_qdisc=fq to /etc/sysctl.conf and reboot.
  4. Set up stateful NAT64 with jool, i.e. jool instance add "default" --netfilter --pool6 64:ff9b::/96
  5. From another IPv6 connected system, try to ping IPv4 endpoint through jool.

ydahhrk commented 10 months ago

Sorry; I cannot reproduce this.

VM:

al@debian12:~$ uname -a
Linux debian12 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux
al@debian12:~$ tail -1 /etc/sysctl.conf
net.core.default_qdisc=fq
al@debian12:~$ bin/simple-nat64-network-vm.sh
[sudo] password for al:
al@debian12:~$ jool --version
4.1.9.0
al@debian12:~$ sudo dmesg | tail -2
[   45.931995] NAT64 Jool v4.1.9.0 module inserted.
[   45.945391] Jool: Created instance 'default'.

Host:

ahhrk@host:~/bin$ ping6 -c1 64:ff9b::192.0.2.8
PING 64:ff9b::192.0.2.8(64:ff9b::c000:208) 56 data bytes
64 bytes from 64:ff9b::c000:208: icmp_seq=1 ttl=63 time=0.470 ms

--- 64:ff9b::192.0.2.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.470/0.470/0.470/0.000 ms

Show VM's reboot:

al@debian12:~$ history | tail -7
   44  sudo reboot
   45  uname -a
   46  tail -1 /etc/sysctl.conf
   47  bin/simple-nat64-network-vm.sh
   48  jool --version
   49  sudo dmesg | tail -2
   50  history | tail -7

(I had to add .txt to force Github to attach them.)

ydahhrk commented 10 months ago

dst_output() 1 is a typical kernel response to an unroutable packet. 1 stands for EPERM, presumably.

Regardless of Jool, can you ping 8.8.8.8 from the translator? After adding net.core.default_qdisc=fq and rebooting, I mean.

(Also: Is that source (100.64.0.3) sensible?)

zajdee commented 4 months ago

I believe #400 has resolved this issue, which can now be closed. Jool 4.1.10+ works well with fq.
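
Added example (not part of the thread and not code from the Jool project): a small parser for the debug-log format quoted in the report. It pulls out each packet whose translation ended in a `dst_output()` error, together with the egress device and outgoing tuple needed for triage. The function names and the version helper are assumptions made for illustration; the 4.1.10 threshold is taken from the last comment above.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the issue report.
SAMPLE_LOG = """\
[   86.617695] Jool NAT64/8e68ca40/s5b: Packet: 2a13:fc80:e000:1000:f43f:cff:fe95:a673->64:ff9b::808:808
[   86.617705] Jool NAT64/8e68ca40/s5b: Tuple: 2a13:fc80:e000:1000:f43f:cff:fe95:a673#46303 -> 64:ff9b::808:808#46303 (ICMP)
[   86.617727] Jool NAT64/8e68ca40/s5b: Packet routed via device 'ipv4uplink'.
[   86.617738] Jool NAT64/8e68ca40/s5b: Tuple: 100.64.0.3#63610 -> 8.8.8.8#63610 (ICMP)
[   86.617752] Jool NAT64/8e68ca40/s5b: Sending packet.
[   86.617758] Jool NAT64/8e68ca40/s5b: dst_output() returned errcode 1.
"""

LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\] Jool (?P<inst>\S+): (?P<msg>.*)$")
ERR = re.compile(r"dst_output\(\) returned errcode (-?\d+)\.")

def failed_sends(log_text):
    """Return one record per packet whose send ended in a dst_output() error."""
    state, failures = {}, []          # state: per-instance packet in progress
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                  # not a Jool debug line
        inst, msg = m["inst"], m["msg"]
        if msg.startswith("Packet: "):
            # A new packet begins: drop anything left from the previous one.
            state[inst] = {"instance": inst, "packet": msg[len("Packet: "):]}
            continue
        pkt = state.setdefault(inst, {"instance": inst})
        if msg.startswith("Packet routed via device "):
            pkt["device"] = msg.split("'")[1]
        elif msg.startswith("Tuple: "):
            pkt["tuple"] = msg[len("Tuple: "):]   # last one seen is the outgoing tuple
        elif (e := ERR.match(msg)):
            failures.append({**pkt, "errcode": int(e[1]), "ts": float(m["ts"])})
    return failures

def predates_reported_fix(jool_version):
    """True if older than 4.1.10, the version the thread reports as working with fq."""
    return tuple(int(p) for p in jool_version.split(".")[:3]) < (4, 1, 10)

if __name__ == "__main__":
    for f in failed_sends(SAMPLE_LOG):
        print(f)
    print("4.1.9.0 predates reported fix:", predates_reported_fix("4.1.9.0"))
```

Feed it the output of `dmesg` from the translator; an empty result means no send failures were logged.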