Protocolary updates for release 4.1.1

NICMx · Jul 1, 2020 · fc1a687 · fc1a687
1 parent 212acb4
commit fc1a687
Show file tree

Hide file tree

Showing 20 changed files with 140 additions and 103 deletions.
diff --git a/.gitignore b/.gitignore
@@ -22,6 +22,7 @@ ltmain.sh
 *.symvers
 .tmp_versions
 .cache.mk
+built-in.a
 
 # ?
 *.o.d

diff --git a/configure.ac b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.68])
-AC_INIT([Jool], [4.1.0], [jool@nic.mx])
+AC_INIT([Jool], [4.1.1], [jool@nic.mx])
 AC_CONFIG_SRCDIR([src/common/xlat.h])
 AM_INIT_AUTOMAKE([subdir-objects])
 LT_PREREQ([2.4.6])

diff --git a/docs/_config.yml b/docs/_config.yml
@@ -3,7 +3,7 @@ baseurl: /Jool
 repository-url: https://github.com/NICMx/Jool
 downloads-url: https://github.com/NICMx/releases/raw/master/Jool
 downloads-url-2: https://github.com/NICMx/Jool/releases/download
-latest-version: 4.1.0
+latest-version: 4.1.1
 
 rfc-siit: https://tools.ietf.org/html/rfc7915
 draft-siit-eam: https://tools.ietf.org/html/rfc7757

diff --git a/docs/en/download.md b/docs/en/download.md
@@ -15,13 +15,14 @@ title: Download
 
 Jool 4.1 is a [compliant SIIT and Stateful NAT64](intro-jool.html#compliance).
 
-Currently, 4.1.0 is the latest version of Jool.
+Currently, 4.1.1 is the latest version of Jool.
 
 | Release Date | Version | .tar.gz | .tar.gz Signature | Git commit | .deb |
 |--------------|---------|---------|-------------------|------------|------|
-| 2020-06-16   | **4.1.0** | [Download]({{ site.downloads-url-2 }}/v4.1.0/jool-4.1.0.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.1.0/jool-4.1.0.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.0" target="_blank">Link</a> | [Kernel modules]({{ site.downloads-url-2 }}/v4.1.0/jool-dkms_4.1.0-1_all.deb)<br />[Userspace tools]({{ site.downloads-url-2 }}/v4.1.0/jool-tools_4.1.0-1_amd64.deb) (amd64 only) |
+| 2020-07-01   | **4.1.1** | [Download]({{ site.downloads-url-2 }}/v4.1.1/jool-4.1.1.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.1.1/jool-4.1.1.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.1" target="_blank">Link</a> | [Kernel modules]({{ site.downloads-url-2 }}/v4.1.1/jool-dkms_4.1.1-1_all.deb)<br />[Userspace tools]({{ site.downloads-url-2 }}/v4.1.1/jool-tools_4.1.1-1_amd64.deb) (amd64 only) |
+| 2020-06-16   | <del>4.1.0</del> | [Download]({{ site.downloads-url-2 }}/v4.1.0/jool-4.1.0.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.1.0/jool-4.1.0.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.0" target="_blank">Link</a> | [Kernel modules]({{ site.downloads-url-2 }}/v4.1.0/jool-dkms_4.1.0-1_all.deb)<br />[Userspace tools]({{ site.downloads-url-2 }}/v4.1.0/jool-tools_4.1.0-1_amd64.deb) (amd64 only) |
 
-"rc" stands for "Release Candidate." [This](http://keys.gnupg.net/pks/lookup?op=get&search=0x72160FD57B242967) is my public key. It is not yet certified, so the Signature column is mostly just theater for now.
+[This](http://keys.gnupg.net/pks/lookup?op=get&search=0x72160FD57B242967) is my public key. It is not yet certified, so the Signature column is mostly just theater for now.
 
 ## 4.0.x
 
@@ -47,6 +48,8 @@ Currently, 4.0.9 is the most mature version of Jool.
 | 2018-12-14   | <del>3.6.0-rc2</del> | [Download]({{ site.downloads-url }}/jool_3.6.0-rc2.tar.gz) | - | <a href="{{ site.repository-url }}/tree/v3.6.0-rc2" target="_blank">Link</a> | - |
 | 2018-11-24   | <del>3.6.0-rc1</del> | [Download]({{ site.downloads-url }}/jool_3.6.0-rc1.tar.gz) | - | <a href="{{ site.repository-url }}/tree/v3.6.0-rc1" target="_blank">Link</a> | - |
 
+"rc" stands for "Release Candidate."
+
 ## 3.5.x
 
 Jool 3.5 is a generally compliant SIIT and Stateful NAT64.

diff --git a/docs/en/index.md b/docs/en/index.md
@@ -22,7 +22,7 @@ Jool is an Open Source [SIIT and NAT64](intro-xlat.html) for Linux.
 
 As far as we know, Jool is a [compliant](intro-jool.html#compliance) SIIT and Stateful NAT64.
 
-Its latest version is [4.1.0](download.html#41x) and its most mature version is [4.0.9](download.html#40x).
+Its latest version is [4.1.1](download.html#41x) and its most mature version is [4.0.9](download.html#40x).
 
 -------------------
 
@@ -34,18 +34,14 @@ Its latest version is [4.1.0](download.html#41x) and its most mature version is
 
 ## Latest News
 
-### 2020-06-16
+### 2020-07-01
 
-[Jool 4.1.0](download.html) has been released.
+[Jool 4.1.1](download.html) has been released.
 
-Improvements:
+Bugfixes:
 
-1. [#136](https://github.com/NICMx/Jool/issues/136): Implement [`lowest-ipv6-mtu`](usr-flags-global.html#lowest-ipv6-mtu).
-2. Implement shallow translation of ICMP extensions. (RFC 7915 pp. [13](https://tools.ietf.org/html/rfc7915#page-13), [22](https://tools.ietf.org/html/rfc7915#page-22))
-3. [#329](https://github.com/NICMx/Jool/issues/329): Add support for kernel 5.7.
+1. [#331](https://github.com/NICMx/Jool/issues/331): Remove need to disable offloads again.
+3. [#332](https://github.com/NICMx/Jool/issues/332): Patch bad NAT64 translation on empty pool4.
 
-There is one downgrade:
+> Remember that `lowest-ipv6-mtu`'s paranoid default might induce unnecessary fragmentation. If you want Jool 4.1 to reach 4.0's performance, please review the [MTU documentation](mtu.html).
 
-1. 4.1.0 drops support for kernels 3.13 - 3.15, and RHEL 7.0 - 7.5. Here's the updated [compatibility table](intro-jool.html#compatibility).
-
-Also, note that `lowest-ipv6-mtu`'s paranoid default might induce unnecessary fragmentation. If you want 4.1.0 to reach 4.0.9's performance, please review the [MTU documentation](mtu.html).
diff --git a/src/common/xlat.h b/src/common/xlat.h
@@ -9,7 +9,7 @@
  */
 #define JOOL_VERSION_MAJOR 4
 #define JOOL_VERSION_MINOR 1
-#define JOOL_VERSION_REV 0
+#define JOOL_VERSION_REV 1
 #define JOOL_VERSION_DEV 0
 
 /** See http://stackoverflow.com/questions/195975 */

diff --git a/src/mod/common/Kbuild b/src/mod/common/Kbuild
@@ -10,6 +10,7 @@ jool_common-objs += rfc7915/common.o
 jool_common-objs += rfc7915/core.o
 
 jool_common-objs += address_xlat.o
+jool_common-objs += dev.o
 jool_common-objs += kernel_hook_netfilter.o
 jool_common-objs += kernel_hook_iptables.o
 jool_common-objs += log.o

diff --git a/src/mod/common/db/blacklist4.c b/src/mod/common/db/blacklist4.c
@@ -1,10 +1,6 @@
 #include "blacklist4.h"
 
-#include <linux/rculist.h>
-#include <linux/inet.h>
-#include <linux/netdevice.h>
-#include <linux/inetdevice.h>
-
+#include "mod/common/dev.h"
 #include "mod/common/address.h"
 #include "mod/common/xlator.h"
 #include "mod/common/rcu.h"
@@ -41,6 +37,36 @@ int blacklist4_flush(struct addr4_pool *pool)
 	return pool_flush(pool);
 }
 
+#define NOT_BLACKLISTED false
+#define BLACKLISTED true
+
+/* "Check interface address" */
+static int check_ifa(struct in_ifaddr *ifa, void const *arg)
+{
+	struct in_addr const *query = arg;
+	struct in_addr ifaddr;
+
+	/* Broadcast */
+	/* (RFC3021: /31 and /32 networks lack broadcast) */
+	if (ifa->ifa_prefixlen < 31) {
+		ifaddr.s_addr = ifa->ifa_local | ~ifa->ifa_mask;
+		if (ipv4_addr_cmp(&ifaddr, query) == 0)
+			return BLACKLISTED;
+	}
+
+	/* Secondary addresses */
+	/* https://github.com/NICMx/Jool/issues/223 */
+	if (ifa->ifa_flags & IFA_F_SECONDARY)
+		return NOT_BLACKLISTED;
+
+	/* Primary addresses */
+	ifaddr.s_addr = ifa->ifa_local;
+	if (ipv4_addr_cmp(&ifaddr, query) == 0)
+		return BLACKLISTED;
+
+	return NOT_BLACKLISTED;
+}
+
 /**
  * Is @addr *NOT* translatable, according to the interfaces?
  *
@@ -51,44 +77,7 @@ int blacklist4_flush(struct addr4_pool *pool)
  */
 bool interface_contains(struct net *ns, struct in_addr *addr)
 {
-	struct net_device *dev;
-	struct in_device *in_dev;
-	struct in_ifaddr *ifa;
-	struct in_addr ifaddr;
-
-	rcu_read_lock();
-	for_each_netdev_rcu(ns, dev) {
-		in_dev = rcu_dereference(dev->ip_ptr);
-		ifa = in_dev->ifa_list;
-		while (ifa) {
-			ifaddr.s_addr = ifa->ifa_local;
-			if (ipv4_addr_cmp(&ifaddr, addr) == 0) {
-				/* https://github.com/NICMx/Jool/issues/223 */
-				if (ifa->ifa_prefixlen == 32)
-					goto do_translate;
-				else
-					goto dont_translate;
-			}
-
-			/* RFC3021: /31 (and /32) networks lack broadcast. */
-			if (ifa->ifa_prefixlen < 31) {
-				ifaddr.s_addr = ifa->ifa_local | ~ifa->ifa_mask;
-				if (ipv4_addr_cmp(&ifaddr, addr) == 0)
-					goto dont_translate;
-			}
-
-			ifa = ifa->ifa_next;
-		}
-	}
-	/* Fall through */
-
-do_translate:
-	rcu_read_unlock();
-	return false;
-
-dont_translate:
-	rcu_read_unlock();
-	return true;
+	return foreach_ifa(ns, check_ifa, addr);
 }
 
 bool blacklist4_contains(struct addr4_pool *pool, struct in_addr *addr)

diff --git a/src/mod/common/db/pool4/empty.c b/src/mod/common/db/pool4/empty.c
@@ -1,66 +1,39 @@
 #include "empty.h"
 
-#include <linux/inetdevice.h>
-#include <linux/in_route.h>
-#include <linux/netdevice.h>
 #include "common/constants.h"
+#include "mod/common/dev.h"
 #include "mod/common/ipv6_hdr_iterator.h"
-#include "mod/common/linux_version.h"
 #include "mod/common/log.h"
 #include "mod/common/rfc6052.h"
 #include "mod/common/translation_state.h"
 #include "mod/common/xlator.h"
 #include "mod/common/rfc7915/6to4.h"
 
-static bool contains_addr(struct net *ns, const struct in_addr *addr)
+static int check_ifa(struct in_ifaddr *ifa, void const *arg)
 {
-	struct net_device *dev;
-	struct in_device *in_dev;
-#if LINUX_VERSION_AT_LEAST(5, 3, 0, 9999, 0)
-	struct in_ifaddr *ifa;
-#endif
+	struct in_addr const *addr = arg;
 
-	for_each_netdev_rcu(ns, dev) {
-		in_dev = __in_dev_get_rcu(dev);
-		if (!in_dev)
-			continue;
+	if (ifa->ifa_scope != RT_SCOPE_UNIVERSE)
+		return 0;
+	if (ifa->ifa_local == addr->s_addr)
+		return 1;
 
-#if LINUX_VERSION_AT_LEAST(5, 3, 0, 9999, 0)
-		in_dev_for_each_ifa_rcu(ifa, in_dev) {
-			if (ifa->ifa_flags & IFA_F_SECONDARY)
-				continue;
-			if (ifa->ifa_scope != RT_SCOPE_UNIVERSE)
-				continue;
-			if (ifa->ifa_local == addr->s_addr)
-				return true;
-		}
-#else
-		for_primary_ifa(in_dev) {
-			if (ifa->ifa_scope != RT_SCOPE_UNIVERSE)
-				continue;
-			if (ifa->ifa_local == addr->s_addr)
-				return true;
-		} endfor_ifa(in_dev);
-#endif
-	}
+	return 0;
+}
 
-	return false;
+static bool contains_addr(struct net *ns, const struct in_addr *addr)
+{
+	return foreach_ifa(ns, check_ifa, addr);
 }
 
 bool pool4empty_contains(struct net *ns, const struct ipv4_transport_addr *addr)
 {
-	bool found;
-
 	if (addr->l4 < DEFAULT_POOL4_MIN_PORT)
 		return false;
 	if (DEFAULT_POOL4_MAX_PORT < addr->l4)
 		return false;
 
-	rcu_read_lock();
-	found = contains_addr(ns, &addr->l3);
-	rcu_read_unlock();
-
-	return found;
+	return contains_addr(ns, &addr->l3);
 }
 
 /**

diff --git a/src/mod/common/dev.c b/src/mod/common/dev.c
@@ -0,0 +1,41 @@
+#include "mod/common/dev.h"
+
+#include "mod/common/linux_version.h"
+
+/* "for each interface address" */
+int foreach_ifa(struct net *ns, int (*cb)(struct in_ifaddr *, void const *),
+		void const *args)
+{
+	struct net_device *dev;
+	struct in_device *in_dev;
+#if LINUX_VERSION_AT_LEAST(5, 3, 0, 9999, 0)
+	struct in_ifaddr *ifa;
+#endif
+	int result = 0;
+
+	rcu_read_lock();
+
+	for_each_netdev_rcu(ns, dev) {
+		in_dev = __in_dev_get_rcu(dev);
+		if (!in_dev)
+			continue;
+
+#if LINUX_VERSION_AT_LEAST(5, 3, 0, 9999, 0)
+		in_dev_for_each_ifa_rcu(ifa, in_dev) {
+			result = cb(ifa, args);
+			if (result)
+				goto end;
+		}
+#else
+		for_primary_ifa(in_dev) {
+			result = cb(ifa, args);
+			if (result)
+				goto end;
+		} endfor_ifa(in_dev);
+#endif
+	}
+
+end:
+	rcu_read_unlock();
+	return result;
+}
diff --git a/src/mod/common/dev.h b/src/mod/common/dev.h
@@ -0,0 +1,9 @@
+#ifndef SRC_MOD_COMMON_DEV_H_
+#define SRC_MOD_COMMON_DEV_H_
+
+#include <linux/inetdevice.h>
+
+int foreach_ifa(struct net *ns, int (*cb)(struct in_ifaddr *, void const *),
+		void const *args);
+
+#endif /* SRC_MOD_COMMON_DEV_H_ */
diff --git a/src/usr/joold/joold.8 b/src/usr/joold/joold.8
@@ -1,6 +1,6 @@
 .\" Manpage for jool's session synchronization daemon.
 
-.TH joold 8 2020-06-16 v4.1.0 "NAT64 Jool's Session Synchronization Daemon"
+.TH joold 8 2020-07-01 v4.1.1 "NAT64 Jool's Session Synchronization Daemon"
 
 .SH NAME
 joold - Userspace Session Synchronization (SS) daemon for NAT64 Jool.

diff --git a/src/usr/nat64/jool.8 b/src/usr/nat64/jool.8
@@ -1,7 +1,7 @@
 .\" Manpage for jool's userspace app.
 .\" Report bugs to jool@nic.mx.
 
-.TH jool 8 2020-06-16 v4.1.0 "NAT64 Jool's Userspace Client"
+.TH jool 8 2020-07-01 v4.1.1 "NAT64 Jool's Userspace Client"
 
 .SH NAME
 jool - Interact with NAT64 Jool (the kernel module).

diff --git a/src/usr/siit/jool_siit.8 b/src/usr/siit/jool_siit.8
@@ -1,7 +1,7 @@
 .\" Manpage for jool's userspace app.
 .\" Report bugs to jool@nic.mx.
 
-.TH jool_siit 8 2020-06-16 v4.1.0 "SIIT Jool's Userspace Client"
+.TH jool_siit 8 2020-07-01 v4.1.1 "SIIT Jool's Userspace Client"
 
 .SH NAME
 jool_siit - Interact with SIIT Jool (the kernel module).

diff --git a/test/graybox/mod/expecter.c b/test/graybox/mod/expecter.c
@@ -169,7 +169,9 @@ static struct netfilter_hook *get_hook(void)
 {
 	struct netfilter_hook *hook;
 	struct net *ns;
+#if LINUX_VERSION_AT_LEAST(4, 13, 0, 9999, 0)
 	int error;
+#endif
 
 	ns = get_net_ns_by_pid(task_pid_vnr(current));
 	if (IS_ERR(ns)) {

diff --git a/test/unit/filtering/impersonator.c b/test/unit/filtering/impersonator.c
@@ -24,3 +24,9 @@ void joold_put(struct joold_queue *queue)
 {
 	/* No code. */
 }
+
+int foreach_ifa(struct net *ns, int (*cb)(struct in_ifaddr *, void const *),
+		void const *args)
+{
+	return broken_unit_call(__func__);
+}
diff --git a/test/unit/impersonator/route.c b/test/unit/impersonator/route.c
@@ -1,6 +1,8 @@
 #include "mod/common/route.h"
 
+#include "mod/common/dev.h"
 #include "mod/common/log.h"
+#include "framework/unit_test.h"
 
 struct dst_entry *route4(struct net *ns, struct flowi4 *flow)
 {

diff --git a/test/unit/page/Makefile b/test/unit/page/Makefile
@@ -52,6 +52,7 @@ $(PAGE)-objs += ../../../src/mod/common/rfc7915/common.o
 $(PAGE)-objs += ../../../src/mod/common/rfc7915/core.o
 $(PAGE)-objs += ../../../src/mod/common/core.o
 
+$(PAGE)-objs += impersonator.o
 $(PAGE)-objs += page_test.o
 
 all: