Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jool stateful NAT64 does not work with net.core.default_qdisc=fq #420

Open
mstraubAC opened this issue Jan 5, 2024 · 3 comments
Open

Jool stateful NAT64 does not work with net.core.default_qdisc=fq #420

mstraubAC opened this issue Jan 5, 2024 · 3 comments

Comments

@mstraubAC
Copy link

Observed behaviour

If system boots with net.core.default_qdisc=fq_codel, everything works. Also changing to net.core.default_qdisc=fq after bootup is no problem.

If the Linux Kernel is configured to use fair queueing (fq) during bootup, jool runs in to an error during sending packets.

[   86.617685] Jool NAT64/8e68ca40/s5b: ===============================================
[   86.617695] Jool NAT64/8e68ca40/s5b: Packet: 2a13:fc80:e000:1000:f43f:cff:fe95:a673->64:ff9b::808:808
[   86.617700] Jool NAT64/8e68ca40/s5b: ICMPv6 type:128 code:0 id:46303
[   86.617703] Jool NAT64/8e68ca40/s5b: Step 1: Determining the Incoming Tuple
[   86.617705] Jool NAT64/8e68ca40/s5b: Tuple: 2a13:fc80:e000:1000:f43f:cff:fe95:a673#46303 -> 64:ff9b::808:808#46303 (ICMP)
[   86.617709] Jool NAT64/8e68ca40/s5b: Done step 1.
[   86.617711] Jool NAT64/8e68ca40/s5b: Step 2: Filtering and Updating
[   86.617717] Jool NAT64/8e68ca40/s5b: Routing: 0.0.0.0->8.8.8.8
[   86.617723] Jool NAT64/8e68ca40/s5b: Packet routed via device 'ipv4uplink'.
[   86.617727] Jool NAT64/8e68ca40/s5b: BIB entry: 2a13:fc80:e000:1000:f43f:cff:fe95:a673#46303 - 100.64.0.3#63610 (ICMP)
[   86.617730] Jool NAT64/8e68ca40/s5b: Session entry: 2a13:fc80:e000:1000:f43f:cff:fe95:a673#46303 - 64:ff9b::808:808#46303 | 100.64.0.3#63610 - 8.8.8.8#63610 (ICMP)
[   86.617734] Jool NAT64/8e68ca40/s5b: Done: Step 2.
[   86.617736] Jool NAT64/8e68ca40/s5b: Step 3: Computing the Outgoing Tuple
[   86.617738] Jool NAT64/8e68ca40/s5b: Tuple: 100.64.0.3#63610 -> 8.8.8.8#63610 (ICMP)
[   86.617741] Jool NAT64/8e68ca40/s5b: Done step 3.
[   86.617743] Jool NAT64/8e68ca40/s5b: Step 4: Translating the Packet
[   86.617749] Jool NAT64/8e68ca40/s5b: Done step 4.
[   86.617752] Jool NAT64/8e68ca40/s5b: Sending packet.
[   86.617758] Jool NAT64/8e68ca40/s5b: dst_output() returned errcode 1.

Expected behaviour

Jool works fine with fair queueing enabled during boot up, i.e. applying /etc/sysctl.conf.

Setup

  • Distribution Debian Bookworm
  • Kernel Linux nat64 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux
  • jool-dkms 4.1.9-1
  • jool-tools 4.1.9-1

How to reproduce

  1. Setup a fresh Debian Bookworm system
  2. Install jool from Debian repositories
  3. Add line net.core.default_qdisc=fq to /etc/sysctl.conf and reboot.
  4. Setup stateful NAT64 with jool, i.e. jool instance add "default" --netfilter --pool6 64:ff9b::/96
  5. From another IPv6 connected system, try to ping IPv4 endpoint through jool.
@ydahhrk
Copy link
Member

ydahhrk commented Jan 8, 2024
edited
Loading

Sorry; I cannot reproduce this.

VM:

al@debian12:~$ uname -a
Linux debian12 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux
al@debian12:~$ tail -1 /etc/sysctl.conf
net.core.default_qdisc=fq
al@debian12:~$ bin/simple-nat64-network-vm.sh
[sudo] password for al:
al@debian12:~$ jool --version
4.1.9.0
al@debian12:~$ sudo dmesg | tail -2
[   45.931995] NAT64 Jool v4.1.9.0 module inserted.
[   45.945391] Jool: Created instance 'default'.

Host:

ahhrk@host:~/bin$ ping6 -c1 64:ff9b::192.0.2.8
PING 64:ff9b::192.0.2.8(64:ff9b::c000:208) 56 data bytes
64 bytes from 64:ff9b::c000:208: icmp_seq=1 ttl=63 time=0.470 ms

--- 64:ff9b::192.0.2.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.470/0.470/0.470/0.000 ms

Show VM's reboot:

al@debian12:~$ history | tail -7
   44  sudo reboot
   45  uname -a
   46  tail -1 /etc/sysctl.conf
   47  bin/simple-nat64-network-vm.sh
   48  jool --version
   49  sudo dmesg | tail -2
   50  history | tail -7

(I had to add .txt to force Github to attach them.)

@ydahhrk
Copy link
Member

ydahhrk commented Jan 8, 2024
edited
Loading

dst_output() 1 is a typical kernel response to an unroutable packet. 1 stands for EPERM, presumably.

Regardless of Jool, can you ping 8.8.8.8 from the translator? After adding net.core.default_qdisc=fq and rebooting, I mean.

(Also: Is that source (100.64.0.3) sensible?)

@zajdee
Copy link

zajdee commented Jul 2, 2024

I believe #400 has resolved this issue, which can now be closed. Jool 4.1.10+ works well with fq.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mstraubAC @ydahhrk @zajdee