Protocolary updates for release 4.1.8

Includes removing support for kernels 4.4-4.8, because it looks like they've been EOL'd. Also, CNAME removed. Looks like jool.mx is going to stay a mirror for a while.
NICMx · Mar 20, 2022 · 6822bde · 6822bde
1 parent 4af409c
commit 6822bde
Show file tree

Hide file tree

Showing 30 changed files with 57 additions and 218 deletions.
diff --git a/configure.ac b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.68])
-AC_INIT([Jool], [4.1.7], [[email protected]])
+AC_INIT([Jool], [4.1.8], [[email protected]])
 AC_CONFIG_SRCDIR([src/common/xlat.h])
 AM_INIT_AUTOMAKE([subdir-objects])
 LT_PREREQ([2.4.6])

diff --git a/docs/CNAME b/docs/CNAME
diff --git a/docs/_config.yml b/docs/_config.yml
@@ -1,7 +1,7 @@
 markdown: kramdown
 baseurl: /Jool
 repository-url: https://github.com/NICMx/Jool
-latest-version: 4.1.7
+latest-version: 4.1.8
 
 rfc-siit: https://tools.ietf.org/html/rfc7915
 draft-siit-eam: https://tools.ietf.org/html/rfc7757

diff --git a/docs/en/download.md b/docs/en/download.md
@@ -28,20 +28,21 @@ Jool 4.2 is a compliant SIIT, Stateful NAT64 and MAP-T.
 
 Jool 4.1 is a [compliant SIIT and Stateful NAT64](intro-jool.html#compliance).
 
-Currently, 4.1.7 is the most mature version of Jool.
+Currently, 4.1.8 is the most mature version of Jool.
 
 | Release Date | Version | .tar.gz | .tar.gz Signature | Git commit | .deb |
 |--------------|---------|---------|-------------------|------------|------|
-| 2022-01-27   | **4.1.7** | [Download]({{ page.url-dl }}/v4.1.7/jool-4.1.7.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.7/jool-4.1.7.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.7" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.7/jool-dkms_4.1.7-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.7/jool-tools_4.1.7-1_amd64.deb) (amd64 only) |
-| 2021-12-10   | **4.1.6** | [Download]({{ page.url-dl }}/v4.1.6/jool-4.1.6.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.6/jool-4.1.6.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.6" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.6/jool-dkms_4.1.6-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.6/jool-tools_4.1.6-1_amd64.deb) (amd64 only) |
-| 2021-02-19   | 4.1.5 | [Download]({{ page.url-dl }}/v4.1.5/jool-4.1.5.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.5/jool-4.1.5.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.5" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.5/jool-dkms_4.1.5-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.5/jool-tools_4.1.5-1_amd64.deb) (amd64 only) |
-| 2020-10-07   | 4.1.4 | [Download]({{ page.url-dl }}/v4.1.4/jool-4.1.4.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.4/jool-4.1.4.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.4" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.4/jool-dkms_4.1.4-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.4/jool-tools_4.1.4-1_amd64.deb) (amd64 only) |
-| 2020-09-02   | 4.1.3 | [Download]({{ page.url-dl }}/v4.1.3/jool-4.1.3.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.3/jool-4.1.3.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.3" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.3/jool-dkms_4.1.3-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.3/jool-tools_4.1.3-1_amd64.deb) (amd64 only) |
+| 2022-03-20   | **4.1.8** | [Download]({{ page.url-dl }}/v4.1.8/jool-4.1.8.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.8/jool-4.1.8.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.8" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.8/jool-dkms_4.1.8-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.8/jool-tools_4.1.8-1_amd64.deb) (amd64 only) |
+| 2022-01-27   | <del>4.1.7</del> | [Download]({{ page.url-dl }}/v4.1.7/jool-4.1.7.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.7/jool-4.1.7.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.7" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.7/jool-dkms_4.1.7-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.7/jool-tools_4.1.7-1_amd64.deb) (amd64 only) |
+| 2021-12-10   | <del>4.1.6</del> | [Download]({{ page.url-dl }}/v4.1.6/jool-4.1.6.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.6/jool-4.1.6.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.6" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.6/jool-dkms_4.1.6-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.6/jool-tools_4.1.6-1_amd64.deb) (amd64 only) |
+| 2021-02-19   | <del>4.1.5</del> | [Download]({{ page.url-dl }}/v4.1.5/jool-4.1.5.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.5/jool-4.1.5.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.5" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.5/jool-dkms_4.1.5-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.5/jool-tools_4.1.5-1_amd64.deb) (amd64 only) |
+| 2020-10-07   | <del>4.1.4</del> | [Download]({{ page.url-dl }}/v4.1.4/jool-4.1.4.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.4/jool-4.1.4.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.4" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.4/jool-dkms_4.1.4-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.4/jool-tools_4.1.4-1_amd64.deb) (amd64 only) |
+| 2020-09-02   | <del>4.1.3</del> | [Download]({{ page.url-dl }}/v4.1.3/jool-4.1.3.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.3/jool-4.1.3.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.3" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.3/jool-dkms_4.1.3-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.3/jool-tools_4.1.3-1_amd64.deb) (amd64 only) |
 | 2020-07-22   | <del>4.1.2</del> | [Download]({{ page.url-dl }}/v4.1.2/jool-4.1.2.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.2/jool-4.1.2.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.2" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.2/jool-dkms_4.1.2-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.2/jool-tools_4.1.2-1_amd64.deb) (amd64 only) |
 | 2020-07-01   | <del>4.1.1</del> | [Download]({{ page.url-dl }}/v4.1.1/jool-4.1.1.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.1/jool-4.1.1.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.1" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.1/jool-dkms_4.1.1-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.1/jool-tools_4.1.1-1_amd64.deb) (amd64 only) |
 | 2020-06-16   | <del>4.1.0</del> | [Download]({{ page.url-dl }}/v4.1.0/jool-4.1.0.tar.gz) | [Signature]({{ page.url-dl }}/v4.1.0/jool-4.1.0.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.0" target="_blank">Link</a> | [Kernel modules]({{ page.url-dl }}/v4.1.0/jool-dkms_4.1.0-1_all.deb)<br />[Userspace tools]({{ page.url-dl }}/v4.1.0/jool-tools_4.1.0-1_amd64.deb) (amd64 only) |
 
-[This](http://keys.gnupg.net/pks/lookup?op=get&search=0x72160FD57B242967) is my public key. It is not yet certified, so the Signature column is mostly just theater for now.
+My public key is on [Github](https://github.com/ydahhrk.gpg).
 
 ## 4.0.x
 

diff --git a/docs/en/index.md b/docs/en/index.md
@@ -20,10 +20,10 @@ Jool is an Open Source [SIIT and NAT64](intro-xlat.html) for Linux.
 
 ## Status
 
-- The most mature version is [4.1.7](download.html#41x).
-- The second release candidate for version [4.2.0](download.html#42x) is also available now.
+> ![Warning](../images/warning.svg) The project's development has slowed down to essential maintenance. Bugfixing and support will remain active, but there will be no new features in the foreseeable future.
 
-The project's development has slowed down to essential maintenance. Bugfixing and support will remain active, but there will be no new features in the foreseeable future.
+- The most mature version is [4.1.8](download.html#41x).
+- The second release candidate for version [4.2.0](download.html#42x) is also available now.
 
 -------------------
 
@@ -35,9 +35,19 @@ The project's development has slowed down to essential maintenance. Bugfixing an
 
 ## Latest News
 
-### 2022-01-27
-
-Version 4.1.7 has been released:
-
-- [#372](https://github.com/NICMx/Jool/issues/372): iptables dependency now optional.
+### 2022-03-20
+
+Version 4.1.8 has been released.
+
+- [#366](https://github.com/NICMx/Jool/issues/366), [#375](https://github.com/NICMx/Jool/issues/375): Fix checksums in Slow Path.  
+  This is a fairly critical bug; please upgrade. It affects packets that fulfill the following conditions:
+	- IPv4-to-IPv6
+	- Not ICMP error
+	- Incoming packet's DF was disabled
+	- Packet was large, or GRO-aggregated
+- Add validation to more verbosely reject IPv6 packets that contain more than one fragment header.
+- Add validation to more verbosely reject fragmented (and not reassembled by `nf_defrag_ipv*`) ICMP errors.  
+  (Aside from being fairly illegal, these packets cannot be translated because the "ICMPv6 length" of the [ICMP pseudoheader](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6#Checksum) is unknown.)
+- Bugfix: When routing TCP/UDP fragments, the code was including header ports even though nonzero fragment-offset packets lack TCP/UDP headers.  
+  This bug probably doesn't affect you, unless your routing is somehow port-based.
 
diff --git a/docs/en/intro-jool.md b/docs/en/intro-jool.md
@@ -50,7 +50,8 @@ Please [let us know]({{ site.repository-url }}/issues) if you find additional co
 
 | Jool version                        | Supported Linux kernels (mainline)   | Supported Linux kernels (RHEL) |
 |-------------------------------------|--------------------------------------|--------------------------------|
-| [master]({{ site.repository-url }}),<br />[4.1.6](download.html#41x) | 4.4 - 4.20,<br />5.0 - 5.15 | RHEL 8.5 |
+| [master]({{ site.repository-url }}),<br />[4.1.8](download.html#41x) | 4.9 - 4.20,<br />5.0 - 5.16 | RHEL 8.5 |
+| [4.1.6](download.html#41x),<br />[4.1.7](download.html#41x) | 4.4 - 4.20,<br />5.0 - 5.15 | RHEL 8.5 |
 | [4.1.5](download.html#41x) | 3.16 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.11 | RHEL 7.6 - RHEL 7.7,<br />RHEL 8.0 |
 | [4.1.3](download.html#41x),<br />[4.1.4](download.html#41x) | 3.16 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.9 | RHEL 7.6 - RHEL 7.7,<br />RHEL 8.0 |
 | [4.1.2](download.html#41x) | 3.16 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.7 | RHEL 7.6 - RHEL 7.7,<br />RHEL 8.0 |

diff --git a/src/common/xlat.h b/src/common/xlat.h
@@ -9,8 +9,8 @@
  */
 #define JOOL_VERSION_MAJOR 4
 #define JOOL_VERSION_MINOR 1
-#define JOOL_VERSION_REV 7
-#define JOOL_VERSION_DEV 6
+#define JOOL_VERSION_REV 8
+#define JOOL_VERSION_DEV 0
 
 /** See http://stackoverflow.com/questions/195975 */
 #define STR_VALUE(arg) #arg

diff --git a/src/mod/common/db/bib/db.c b/src/mod/common/db/bib/db.c
@@ -470,23 +470,14 @@ void bib_put(struct bib *db)
 
 static void log_bib(struct xlator *jool, struct tabled_bib *bib, char *action)
 {
-#if LINUX_VERSION_AT_LEAST(4, 8, 0, 9999, 0)
 	time64_t tsec;
-#else
-	struct timeval tval;
-#endif
 	struct tm time;
 
 	if (!jool->globals.nat64.bib.bib_logging)
 		return;
 
-#if LINUX_VERSION_AT_LEAST(4, 8, 0, 9999, 0)
 	tsec = ktime_get_real_seconds();
 	time64_to_tm(tsec, 0, &time);
-#else
-	do_gettimeofday(&tval);
-	time_to_tm(tval.tv_sec, 0, &time);
-#endif
 	log_info("%s %ld/%d/%d %d:%d:%d (GMT) - %s %pI6c#%u to %pI4#%u (%s)",
 			jool->iname,
 			1900 + time.tm_year, time.tm_mon + 1, time.tm_mday,
@@ -505,23 +496,14 @@ static void log_session(struct xlator *jool,
 		struct tabled_session *session,
 		char *action)
 {
-#if LINUX_VERSION_AT_LEAST(4, 8, 0, 9999, 0)
 	time64_t tsec;
-#else
-	struct timeval tval;
-#endif
 	struct tm time;
 
 	if (!jool->globals.nat64.bib.session_logging)
 		return;
 
-#if LINUX_VERSION_AT_LEAST(4, 8, 0, 9999, 0)
 	tsec = ktime_get_real_seconds();
 	time64_to_tm(tsec, 0, &time);
-#else
-	do_gettimeofday(&tval);
-	time_to_tm(tval.tv_sec, 0, &time);
-#endif
 	log_info("%s %ld/%d/%d %d:%d:%d (GMT) - %s %pI6c#%u|%pI6c#%u|"
 			"%pI4#%u|%pI4#%u|%s", jool->iname,
 			1900 + time.tm_year, time.tm_mon + 1, time.tm_mday,
@@ -819,11 +801,7 @@ static void send_probe_packet(struct xlator *jool, struct session_entry *session
 	skb_dst_set(skb, dst);
 
 	/* Implicit kfree_skb(skb) here. */
-#if LINUX_VERSION_AT_LEAST(4, 4, 0, 8, 0)
 	error = dst_output(jool->ns, NULL, skb);
-#else
-	error = dst_output(skb);
-#endif
 	if (error) {
 		__log_debug(jool, "dst_output() returned errcode %d.", error);
 		goto fail;

diff --git a/src/mod/common/icmp_wrapper.c b/src/mod/common/icmp_wrapper.c
@@ -1,7 +1,6 @@
 #include "mod/common/icmp_wrapper.h"
 
 #include <linux/icmpv6.h>
-#include <linux/version.h>
 #include <net/icmp.h>
 #include "common/types.h"
 #include "mod/common/log.h"

diff --git a/src/mod/common/joold.c b/src/mod/common/joold.c
@@ -227,9 +227,6 @@ static void send_to_userspace(struct xlator *jool, struct sk_buff *skb,
 		return;
 
 	__log_debug(jool, "Sending multicast message.");
-#if LINUX_VERSION_LOWER_THAN(3, 13, 0, 7, 1)
-	error = genlmsg_multicast_netns(ns, skb, 0, jnl_gid(), GFP_ATOMIC);
-#else
 	/*
 	 * Note: Starting from kernel 3.13, all groups of a common family share
 	 * a group offset (from a common pool), and they are numbered
@@ -241,7 +238,6 @@ static void send_to_userspace(struct xlator *jool, struct sk_buff *skb,
 	 * family.
 	 */
 	error = genlmsg_multicast_netns(jnl_family(), ns, skb, 0, 0, GFP_ATOMIC);
-#endif
 	if (error) {
 		log_warn_once("Looks like nobody received my multicast message. Is the joold daemon really active? (errcode %d)",
 				error);

diff --git a/src/mod/common/kernel_hook.h b/src/mod/common/kernel_hook.h
@@ -4,14 +4,15 @@
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter_ipv6.h>
 #include "common/config.h"
-#include "mod/common/nf_wrapper.h"
 
 #ifndef XTABLES_DISABLED
 #include <linux/netfilter/x_tables.h>
 #endif
 
-NF_CALLBACK(hook_ipv6, skb);
-NF_CALLBACK(hook_ipv4, skb);
+unsigned int hook_ipv6(void *priv, struct sk_buff *skb,
+		const struct nf_hook_state *nhs);
+unsigned int hook_ipv4(void *priv, struct sk_buff *skb,
+		const struct nf_hook_state *nhs);
 
 #ifndef XTABLES_DISABLED
 

diff --git a/src/mod/common/kernel_hook_iptables.c b/src/mod/common/kernel_hook_iptables.c
@@ -66,10 +66,8 @@ static struct net *action_param_net(const struct xt_action_param *param)
 {
 #if LINUX_VERSION_AT_LEAST(4, 10, 0, 8, 0)
 	return param->state->net;
-#elif LINUX_VERSION_AT_LEAST(4, 4, 0, 9999, 0)
-	return param->net;
 #else
-	return dev_net(param->in);
+	return param->net;
 #endif
 }
 

diff --git a/src/mod/common/kernel_hook_netfilter.c b/src/mod/common/kernel_hook_netfilter.c
@@ -55,7 +55,8 @@ static unsigned int verdict2netfilter(verdict result, bool enable_debug)
  * This is the function that the kernel calls whenever a packet reaches Jool's
  * IPv6 Netfilter hook.
  */
-NF_CALLBACK(hook_ipv6, skb)
+unsigned int hook_ipv6(void *priv, struct sk_buff *skb,
+		const struct nf_hook_state *nhs)
 {
 	struct xlation *state;
 	verdict result;
@@ -82,7 +83,8 @@ EXPORT_SYMBOL_GPL(hook_ipv6);
  * This is the function that the kernel calls whenever a packet reaches Jool's
  * IPv4 Netfilter hook.
  */
-NF_CALLBACK(hook_ipv4, skb)
+unsigned int hook_ipv4(void *priv, struct sk_buff *skb,
+		const struct nf_hook_state *nhs)
 {
 	struct xlation *state;
 	verdict result;

diff --git a/src/mod/common/nf_wrapper.h b/src/mod/common/nf_wrapper.h
diff --git a/src/mod/common/nl/nl_core.c b/src/mod/common/nl/nl_core.c
@@ -2,7 +2,6 @@
 
 #include <linux/stddef.h>
 #include <linux/types.h>
-#include <linux/version.h>
 
 #include "common/config.h"
 #include "common/types.h"