Home
Introduction
Jool is an Open Source SIIT and NAT64 for Linux.
- Click here to start getting acquainted with the software.
- Click here to download Jool.
Status
As far as we know, Jool is a fairly compliant SIIT and Stateful NAT64. This is the roadmap as of 2015-08-19:
- Milestone 4.0.0 will be a framework switch. Jool might become a device driver or a userspace daemon. This will free Jool from most of its compliance problems and might make it more intuitive to configure.
- Milestone 4.1.0 will add several new features.
New bug reports might interpolate other milestones in-between. Feedback from users can persuade us to change priorities. See Contact for options on this.
Our latest release is version 3.4.0.
News
2015-08-17
In addition, version 3.3.3 contains the following:
- Added support for the DKMS framework!
- Userspace application quirks fixed: #150, #151.
2015-04-14
Version 3.3.2 released.
This is the summary:
- There are new configuration flags:
- The userspace app was misbehaving in several ways. While all of its bugs had workarounds, it was a pain to use.
Also, unrelated to the code, we now have two mailing lists:
- jool-news@nic.mx is intended to spread news. Since we currently don’t have other major events, the plan is to only use it to announce new releases coming out. Click here to start listening.
- jool-list@nic.mx can be used for public discussion (help, proposals, whatever). I will also drop the news here so people doesn’t have to subscribe to both at a time. Click here to register.
jool@nic.mx can still be used to reach us developers only.
We’d also like to apologize for the certificate hiccup we had recently. Though they are being generated, the mailing list archives are also not available yet, and this is in our admins’ TODO list.
2015-03-11
Important bug discovered!
We just released Jool 3.3.1.
2015-03-09
Jool 3.3.0 is finished.
Filtering couldn’t make it into the milestone, but Stateless IP/ICMP Translation (SIIT) is now supported.
See the updated SIIT/NAT64 introduction for an improved picture of the SIIT paradigm. Here’s the tutorial. Also keep an eye on 464XLAT.
We also refactored the userspace app somewhat; please review your scripts:
- The kernel’s per-interface MTU setting replaced
--minMTU6
. --address
,--prefix
,--bib4
and--bib6
were deprecated because they’re considered redundant. See--pool6
,--pool4
and--bib
.- Three global flags were also deprecated for different reasons.
We also released Jool 3.2.3, which is bugfixes since 3.2.2. One of the bugs is a DoS vulnerability, so upgrading to at least 3.2.3 is highly recommended.
2014-10-24
An important bug was discovered, and version 3.2.2 is out.
2014-10-17
The documentation of --plateaus
proved to be lacking, so there’s now a full article dedicated to it. The original definition also received improvements.
It has come to our attention that we are also lacking an explanation of IP literals, so there should be another codeless update like this in the near future.
2014-10-08
Version 3.2.1 released. The 3.2 series is now considered more mature than 3.1.
The important changes are
- Jool used to always attempt to mask packets using the first prefix of the pool. This meant that Jool was unable to handle more than one prefix.
- The memory leak in the core has been purged.
The less noticeable ones are
log_martians
is no longer a step in modprobing Jool (though it doesn’t bite if you keep it).- The SNMP stat updates returned. See
nstat
andnetstat -s
. - Corner-case packets now get checksums updated correctly.
2014-09-01
It took it a really long time to overcome testing, but version 3.2.0 is finally released.
We changed the minor version number this time, because the userspace application has a slightly different interface; the single-value configuration parameters have been joined: --general
replaced --filtering
, --translate
and --fragmentation
. The application also has three new features:
- The ability to flush the pools.
- The addition of
--quick
. - The addition of
--svg
, in BIB and session.
The second main novelty is the finally correct implementation of Simultaneous Open of TCP Connections. The translation pipeline should now be completely quirkless.
A little confusion also revealed that the path to libnl used to be hardcoded in the configuration script. If you used to have trouble compiling the userspace application, you might want to try again using the new version.
The more unnoticeable stuff includes a complement to the old issue #65 and a healthier code-to-comment ratio :). The user documentation, on the other hand, received a significant refactor, so looking at the diff might not be overly productive this time.
One thing we did not complete was the fragmentation refactor. This is in fact the reason why this milestone dragged. We appear to really need to reconcile the kernel’s defragmenter and the RFC in order to implement filtering policies however, so it’s still considered an active issue.
We also released 3.1.6, which is small fixes from 3.1.5, in case somebody has a reason to continue using the 3.1.x series.
2014-06-26
By the way:
If you can read Markdown and Github’s diffs, you can find the documentation changes for version 3.1.5 here, here and here.
2014-06-18
Version 3.1.5 released.
Our most important fix is issue #92. Incorrect ICMP errors used to confuse IPv4 nodes, which lowered the reliability of 4-to-6 traffic.
Aside from that, the userspace application has been tightened. It doesn’t crash silly anymore when it has to output large BIB or session tables, and works a lot harder to keep the database free from trashy leftover records.
Then we have a couple of performance optimizations. In particular (and more or less as a side effect), by aligning log priorities to those from the rest of the kernel, more care has been taken to keep the log cleaner.
If you care about performance, you might want to read the as-of-now-missing documentation of --minMTU6
, a configuration parameter that helps you avoid fragmentation.
If people doesn’t find critical bugs in this version, this appears to be the end of the 3.1.x series. We’ll go back to aim for 100% RFC compliance in the next update.
2014-04-25
Version 3.1.4 released. Fixes:
- Two kernel crashes.
- The userspace application now resolves names.
- Added support for Linux 3.13+.
Also, we no longer recommend usage of Jool in kernel 3.12.
2014-03-26
Version 3.1.3 released. Fixes:
- An incorrect implementation used to ban configuration on certain systems.
- A bug used to prevent Jool from sending certain ICMP errors.
- A memory leak.
- Slightly optimized the packet translation algorithm by replacing some spinlocks with RCUs.
2014-03-04
Website released. This website!
And with it comes a new release. 3.1.2 fixes:
- 21-centuried the userspace-app’s installation procedure.
- Jool is now more explicit regarding the suffix of prefixes.
- Jool no longer wrecks itself when modprobed with invalid arguments.
2014-02-21
Version 3.1.1 released.
It contains two bugfixes:
- Added permission checking to the admin-related userspace requests.
- Fixed compatibility issues with ~3.1 kernels.
2014-01-15
Version 3.1.0 released. Jool finally handles fragments!
Other important fixes:
- Major optimizations on both the BIB and session databases. The module should scale a lot more gracefully as clients demand more traffic.
- Jool no longer requires a separate IPv4 address.
- Kernel panic during removal of the module fixed.
- And More stuff.