Protocolary updates for release 4.1.2

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.68])
-AC_INIT([Jool], [4.1.1], [[email protected]])
+AC_INIT([Jool], [4.1.2], [[email protected]])
 AC_CONFIG_SRCDIR([src/common/xlat.h])
 AM_INIT_AUTOMAKE([subdir-objects])
 LT_PREREQ([2.4.6])

docs/_config.yml

@@ -3,7 +3,7 @@ baseurl: /Jool
 repository-url: https://github.com/NICMx/Jool
 downloads-url: https://github.com/NICMx/releases/raw/master/Jool
 downloads-url-2: https://github.com/NICMx/Jool/releases/download
-latest-version: 4.1.1
+latest-version: 4.1.2
 
 rfc-siit: https://tools.ietf.org/html/rfc7915
 draft-siit-eam: https://tools.ietf.org/html/rfc7757

docs/en/documentation.md

@@ -87,7 +87,6 @@ See [RFC 6586](https://tools.ietf.org/html/rfc6586) for deployment experiences u
 ## Miscellaneous
 
 1. [FAQ](faq.html)
-2. [Logging](logging.html)
 3. [MTU and Fragmentation](mtu.html)
 4. [Offloads](offloads.html)
 

docs/en/download.md

@@ -15,11 +15,12 @@ title: Download
 
 Jool 4.1 is a [compliant SIIT and Stateful NAT64](intro-jool.html#compliance).
 
-Currently, 4.1.1 is the latest version of Jool.
+Currently, 4.1.2 is the latest version of Jool.
 
 | Release Date | Version | .tar.gz | .tar.gz Signature | Git commit | .deb |
 |--------------|---------|---------|-------------------|------------|------|
-| 2020-07-01   | **4.1.1** | [Download]({{ site.downloads-url-2 }}/v4.1.1/jool-4.1.1.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.1.1/jool-4.1.1.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.1" target="_blank">Link</a> | [Kernel modules]({{ site.downloads-url-2 }}/v4.1.1/jool-dkms_4.1.1-1_all.deb)<br />[Userspace tools]({{ site.downloads-url-2 }}/v4.1.1/jool-tools_4.1.1-1_amd64.deb) (amd64 only) |
+| 2020-07-22   | **4.1.2** | [Download]({{ site.downloads-url-2 }}/v4.1.2/jool-4.1.2.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.1.2/jool-4.1.2.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.2" target="_blank">Link</a> | [Kernel modules]({{ site.downloads-url-2 }}/v4.1.2/jool-dkms_4.1.2-1_all.deb)<br />[Userspace tools]({{ site.downloads-url-2 }}/v4.1.2/jool-tools_4.1.2-1_amd64.deb) (amd64 only) |
+| 2020-07-01   | 4.1.1 | [Download]({{ site.downloads-url-2 }}/v4.1.1/jool-4.1.1.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.1.1/jool-4.1.1.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.1" target="_blank">Link</a> | [Kernel modules]({{ site.downloads-url-2 }}/v4.1.1/jool-dkms_4.1.1-1_all.deb)<br />[Userspace tools]({{ site.downloads-url-2 }}/v4.1.1/jool-tools_4.1.1-1_amd64.deb) (amd64 only) |
 | 2020-06-16   | <del>4.1.0</del> | [Download]({{ site.downloads-url-2 }}/v4.1.0/jool-4.1.0.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.1.0/jool-4.1.0.tar.gz.asc) | <a href="{{ site.repository-url }}/tree/v4.1.0" target="_blank">Link</a> | [Kernel modules]({{ site.downloads-url-2 }}/v4.1.0/jool-dkms_4.1.0-1_all.deb)<br />[Userspace tools]({{ site.downloads-url-2 }}/v4.1.0/jool-tools_4.1.0-1_amd64.deb) (amd64 only) |
 
 [This](http://keys.gnupg.net/pks/lookup?op=get&search=0x72160FD57B242967) is my public key. It is not yet certified, so the Signature column is mostly just theater for now.

docs/en/faq.md

@@ -47,7 +47,7 @@ destination address could not be found in the routing table.)
 
 Given the output above, for example, I'd try looking into the routing table.
 
-If `stats` proves insufficient, you can [enable debug logging](logging.html).
+If `stats` proves insufficient, you can [enable debug logging](usr-flags-global.html#logging-debug).
 
 ## Why is my ping not working?
 

docs/en/index.md

@@ -22,7 +22,7 @@ Jool is an Open Source [SIIT and NAT64](intro-xlat.html) for Linux.
 
 As far as we know, Jool is a [compliant](intro-jool.html#compliance) SIIT and Stateful NAT64.
 
-Its latest version is [4.1.1](download.html#41x) and its most mature version is [4.0.9](download.html#40x).
+Its latest version is [4.1.2](download.html#41x) and its most mature version is [4.0.9](download.html#40x).
 
 -------------------
 
@@ -34,14 +34,16 @@ Its latest version is [4.1.1](download.html#41x) and its most mature version is
 
 ## Latest News
 
-### 2020-07-01
+### 2020-07-22
 
-[Jool 4.1.1](download.html) has been released.
+[Jool 4.1.2](download.html) has been released.
 
 Bugfixes:
 
-1. [#331](https://github.com/NICMx/Jool/issues/331): Remove need to disable offloads again.
-3. [#332](https://github.com/NICMx/Jool/issues/332): Patch bad NAT64 translation on empty pool4.
+1. [#334](https://github.com/NICMx/Jool/issues/334): Patch compilation on newest CentOS 8.
+2. [#335](https://github.com/NICMx/Jool/issues/335): Patch deb package dependencies for Debian stable.
+3. [#336](https://github.com/NICMx/Jool/issues/336): Add `logging-debug` runtime configuration option.
+4. [#337](https://github.com/NICMx/Jool/issues/337): Patch iptables userspace binaries so they can be managed by python-iptables.
 
 > Remember that `lowest-ipv6-mtu`'s paranoid default might induce unnecessary fragmentation. If you want Jool 4.1 to reach 4.0's performance, please review the [MTU documentation](mtu.html).
 

docs/en/install.md

@@ -107,7 +107,7 @@ user@T:~# apt install build-essential pkg-config
 
 <!-- CentOS -->
 {% highlight bash %}
-user@T:~# yum install gcc
+user@T:~# yum install gcc make elfutils-libelf-devel
 {% endhighlight %}
 
 <!-- openSUSE -->

docs/en/intro-jool.md

@@ -48,11 +48,11 @@ Please [let us know]({{ site.repository-url }}/issues) if you find additional co
 
 | Jool version                        | Supported Linux kernels (mainline)   | Supported Linux kernels (RHEL) |
 |-------------------------------------|--------------------------------------|--------------------------------|
-| [master]({{ site.repository-url }}) | 3.16 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.7 | RHEL 7.6 - RHEL 7.7,<br />RHEL 8.0 |
-| [4.1.0](download.html#41x)          | 3.16 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.7 | RHEL 7.6 - RHEL 7.7,<br />RHEL 8.0 |
-| [4.0.9](download.html#40x)          | 3.13 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.6 | RHEL 7.0 - RHEL 7.7,<br />RHEL 8.0 |
-| [4.0.8](download.html#40x)          | 3.13 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.5 | RHEL 7.0 - RHEL 7.7,<br />RHEL 8.0 |
-| [4.0.7](download.html#40x)          | 3.13 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.4 | RHEL 7.0 - RHEL 7.7,<br />RHEL 8.0 |
+| [master]({{ site.repository-url }}),<br />[4.1.2](download.html#41x) | 3.16 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.7 | RHEL 7.6 - RHEL 7.7,<br />RHEL 8.0 |
+| [4.1.1](download.html#41x),<br />[4.1.0](download.html#41x) | 3.16 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.7 | RHEL 7.6 - RHEL 7.7,<br /><del>[RHEL 8.0](https://github.com/NICMx/Jool/issues/334)</del> |
+| [4.0.9](download.html#40x)          | 3.13 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.6 | RHEL 7.0 - RHEL 7.7,<br /><del>[RHEL 8.0](https://github.com/NICMx/Jool/issues/334)</del> |
+| [4.0.8](download.html#40x)          | 3.13 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.5 | RHEL 7.0 - RHEL 7.7,<br /><del>[RHEL 8.0](https://github.com/NICMx/Jool/issues/334)</del> |
+| [4.0.7](download.html#40x)          | 3.13 - 3.19,<br />4.0 - 4.20,<br />5.0 - 5.4 | RHEL 7.0 - RHEL 7.7,<br /><del>[RHEL 8.0](https://github.com/NICMx/Jool/issues/334)</del> |
 
 If you're using a non-RHEL distribution (eg. Debian derivatives), execute `uname -r` to print the kernel version you're running. Suffixes rarely matter. Here's an example from my running machine, which states that my running kernel is 4.15:
 

docs/en/usr-flags-global.md

@@ -18,6 +18,7 @@ title: global Mode
 	1. [`manually-enabled`](#manually-enabled)
 	1. [`pool6`](#pool6)
 	1. [`lowest-ipv6-mtu`](#lowest-ipv6-mtu)
+	1. [`logging-debug`](#logging-debug)
 	1. [`address-dependent-filtering`](#address-dependent-filtering)
 	2. [`drop-icmpv6-info`](#drop-icmpv6-info)
 	3. [`drop-externally-initiated-tcp`](#drop-externally-initiated-tcp)
@@ -126,6 +127,63 @@ To enhance performance, you want to minimize fragmentation, which means you want
 
 A more graphic explanation can be found [here](mtu.html).
 
+### `logging-debug`
+
+- Type: Boolean
+- Default: false
+- Modes: Both (SIIT and Stateful NAT64)
+- Source: [Issue 336](https://github.com/NICMx/Jool/issues/336)
+
+Print the instance's debug messages on the log?
+
+The logging messages can typically be found by querying the [`dmesg`](https://www.man7.org/linux/man-pages/man1/dmesg.1.html) program, or (if syslog is listening) the `/var/log/syslog` file.
+
+Here's an example of a successful IPv4->IPv6 SIIT translation:
+
+	$ sudo jool_siit global update logging-debug true
+	$ dmesg -t
+	Jool SIIT/6b514d00/default: ===============================================
+	Jool SIIT/6b514d00/default: Packet: 198.51.100.2->192.0.2.33
+	Jool SIIT/6b514d00/default: UDP 4000->2000
+	Jool SIIT/6b514d00/default: Translating the Packet.
+	Jool SIIT/6b514d00/default: Result: 2001:db8:1c6:3364:2::->2001:db8:1c0:2:21::
+	Jool SIIT/6b514d00/default: Routing: 2001:db8:1c6:3364:2::->2001:db8:1c0:2:21::
+	Jool SIIT/6b514d00/default: Packet routed via device 'to_client_v6'.
+	Jool SIIT/6b514d00/default: Sending packet.
+	Jool SIIT/6b514d00/default: Success.
+
+The label `SIIT/6b514d00/default` is the instance identifier (`<stateness>/<namespace>/<name>`). See [`instance display`](usr-flags-instance.html#examples).
+
+Here's an example of a successful IPv6->IPv4 NAT64 translation:
+
+	$ sudo jool global update logging-debug true
+	$ dmesg -t
+	Jool NAT64/6b514d00/default: ===============================================
+	Jool NAT64/6b514d00/default: Packet: 2001:db8::5->64:ff9b::c000:205
+	Jool NAT64/6b514d00/default: TCP 2000->4000
+	Jool NAT64/6b514d00/default: Step 1: Determining the Incoming Tuple
+	Jool NAT64/6b514d00/default: Tuple: 2001:db8::5#2000 -> 64:ff9b::c000:205#4000 (TCP)
+	Jool NAT64/6b514d00/default: Done step 1.
+	Jool NAT64/6b514d00/default: Step 2: Filtering and Updating
+	Jool NAT64/6b514d00/default: BIB entry: 2001:db8::5#2000 - 192.0.2.2#2000 (TCP)
+	Jool NAT64/6b514d00/default: Session entry: 2001:db8::5#2000 - 64:ff9b::c000:205#4000 | 192.0.2.2#2000 - 192.0.2.5#4000 (TCP)
+	Jool NAT64/6b514d00/default: Done: Step 2.
+	Jool NAT64/6b514d00/default: Step 3: Computing the Outgoing Tuple
+	Jool NAT64/6b514d00/default: Tuple: 192.0.2.2#2000 -> 192.0.2.5#4000 (TCP)
+	Jool NAT64/6b514d00/default: Done step 3.
+	Jool NAT64/6b514d00/default: Step 4: Translating the Packet
+	Jool NAT64/6b514d00/default: Routing: 192.0.2.2->192.0.2.5
+	Jool NAT64/6b514d00/default: Packet routed via device 'to_client_v4'.
+	Jool NAT64/6b514d00/default: Done step 4.
+	Jool NAT64/6b514d00/default: Sending packet.
+	Jool NAT64/6b514d00/default: Success.
+
+By default, debug logging needs to be enabled on a per-instance basis, and only prints debug messages that correspond to that particular instance. The compilation flag [`-DDEBUG`](https://github.com/NICMx/Jool/wiki/Jool's-Compilation-Options#-ddebug) enables all debug logging by default, including debug logging not associated with an instance.
+
+Though it's called "instance _debug_ logging," Jool actually uses INFO severity. This is because DEBUG level requires the `-DDEBUG` flag.
+
+Make sure to disable this flag in production. It slows things down, and if syslog is listening, the log messages quickly eat up large amounts of disk space.
+
 ### `address-dependent-filtering`
 
 <!-- TODO I think this documentation is somewhat incorrect now. -->
@@ -309,7 +367,7 @@ There are several important things to notice:
 - There's no information on _who_ was `2001:db8::5` talking to. This is a _good_ thing; it means you're honoring your client's privacy as much as you can.
 - The logging uses GMT; you might need to convert this for comfort.
 
-This defaults to false because it generates humongous amounts of logs while active (remember you need infrastructure to maintain them). Notice the maps are dumped into the _kernel log_, so the messages will be mixed along with anything else the kernel has to say ([including Jool's error messages, for example](logging.html)). The log messages will have [INFO priority](http://stackoverflow.com/questions/16390004/change-default-console-loglevel-during-boot-up).
+This defaults to false because it generates humongous amounts of logs while active (remember you need infrastructure to maintain them). Notice the maps are dumped into the _kernel log_, so the messages will be mixed along with anything else the kernel has to say. The log messages will have [INFO priority](http://stackoverflow.com/questions/16390004/change-default-console-loglevel-during-boot-up).
 
 If logging the destination makes sense for you, see `logging-session` (below). To comply with REQ-12 of RFC 6888 you want to set `loging-bib` as true and `logging-session` as false.
 

src/common/config.c

@@ -83,11 +83,11 @@ struct nla_policy joolnl_session_entry_policy[JNLASE_COUNT] = {
 struct nla_policy siit_globals_policy[JNLAG_COUNT] = {
 	[JNLAG_ENABLED] = { .type = NLA_U8 },
 	[JNLAG_POOL6] = { .type = NLA_NESTED },
+	[JNLAG_LOWEST_IPV6_MTU] = { .type = NLA_U32 },
 	[JNLAG_DEBUG] = { .type = NLA_U8 },
 	[JNLAG_RESET_TC] = { .type = NLA_U8 },
 	[JNLAG_RESET_TOS] = { .type = NLA_U8 },
 	[JNLAG_TOS] = { .type = NLA_U8 },
-	[JNLAG_LOWEST_IPV6_MTU] = { .type = NLA_U32 },
 	[JNLAG_PLATEAUS] = { .type = NLA_NESTED },
 	[JNLAG_COMPUTE_CSUM_ZERO] = { .type = NLA_U8 },
 	[JNLAG_HAIRPIN_MODE] = { .type = NLA_U8 },
@@ -99,11 +99,11 @@ struct nla_policy siit_globals_policy[JNLAG_COUNT] = {
 struct nla_policy nat64_globals_policy[JNLAG_COUNT] = {
 	[JNLAG_ENABLED] = { .type = NLA_U8 },
 	[JNLAG_POOL6] = { .type = NLA_NESTED },
+	[JNLAG_LOWEST_IPV6_MTU] = { .type = NLA_U32 },
 	[JNLAG_DEBUG] = { .type = NLA_U8 },
 	[JNLAG_RESET_TC] = { .type = NLA_U8 },
 	[JNLAG_RESET_TOS] = { .type = NLA_U8 },
 	[JNLAG_TOS] = { .type = NLA_U8 },
-	[JNLAG_LOWEST_IPV6_MTU] = { .type = NLA_U32 },
 	[JNLAG_PLATEAUS] = { .type = NLA_NESTED },
 	[JNLAG_DROP_ICMP6_INFO] = { .type = NLA_U8 },
 	[JNLAG_SRC_ICMP6_BETTER] = { .type = NLA_U8 },

src/common/config.h

@@ -214,11 +214,11 @@ enum joolnl_attr_global {
 	/* Common */
 	JNLAG_ENABLED = 1,
 	JNLAG_POOL6,
+	JNLAG_LOWEST_IPV6_MTU,
 	JNLAG_DEBUG,
 	JNLAG_RESET_TC,
 	JNLAG_RESET_TOS,
 	JNLAG_TOS,
-	JNLAG_LOWEST_IPV6_MTU,
 	JNLAG_PLATEAUS,
 
 	/* SIIT */

src/common/global.c

@@ -770,10 +770,20 @@ static const struct joolnl_global_meta globals_metadata[] = {
 		.candidates = WELL_KNOWN_PREFIX,
 #ifdef __KERNEL__
 		.nl2raw = nl2raw_pool6,
+#endif
+	}, {
+		.id = JNLAG_LOWEST_IPV6_MTU,
+		.name = "lowest-ipv6-mtu",
+		.type = &gt_uint32,
+		.doc = "Smallest reachable IPv6 MTU.",
+		.offset = offsetof(struct jool_globals, lowest_ipv6_mtu),
+		.xt = XT_ANY,
+#ifdef __KERNEL__
+		.nl2raw = nl2raw_lowest_ipv6_mtu,
 #endif
 	}, {
 		.id = JNLAG_DEBUG,
-		.name = "debug",
+		.name = "logging-debug",
 		.type = &gt_bool,
 		.doc = "Pour lots of debugging messages on the log?",
 		.offset = offsetof(struct jool_globals, debug),
@@ -799,16 +809,6 @@ static const struct joolnl_global_meta globals_metadata[] = {
 		.doc = "Value to override TOS as (only when --override-tos is ON).",
 		.offset = offsetof(struct jool_globals, new_tos),
 		.xt = XT_ANY,
-	}, {
-		.id = JNLAG_LOWEST_IPV6_MTU,
-		.name = "lowest-ipv6-mtu",
-		.type = &gt_uint32,
-		.doc = "Smallest reachable IPv6 MTU.",
-		.offset = offsetof(struct jool_globals, lowest_ipv6_mtu),
-		.xt = XT_ANY,
-#ifdef __KERNEL__
-		.nl2raw = nl2raw_lowest_ipv6_mtu,
-#endif
 	} , {
 		.id = JNLAG_PLATEAUS,
 		.name = "mtu-plateaus",

src/common/xlat.h

@@ -9,7 +9,7 @@
  */
 #define JOOL_VERSION_MAJOR 4
 #define JOOL_VERSION_MINOR 1
-#define JOOL_VERSION_REV 1
+#define JOOL_VERSION_REV 2
 #define JOOL_VERSION_DEV 0
 
 /** See http://stackoverflow.com/questions/195975 */

src/mod/common/steps/send_packet.c

@@ -15,7 +15,7 @@ static verdict __sendpkt_send(struct xlation *state, struct sk_buff *out)
 		return drop(state, JSTAT_UNKNOWN);
 
 	out->dev = dst->dev;
-	log_debug(state, "Sending skb.");
+	log_debug(state, "Sending packet.");
 
 	/* skb_log(out, "Translated packet"); */