NICMx Jool Versions Save

Improvements since 4.1.10:

• #407: Patch compilation in some environments.
• #409: Move the Debian systemd service to After=network-pre.target, to prevent deadlock during boot in some environments.
• 750909dd3f0df8771883121b1820f7e10010ff31: When running into an untranslatable address, print it clearly in the logs.
• #413: Enhance validations of pool4, BIB and session userspace requests.
• #415, Debian#1057445: Add support for kernel 6.4, 6.5, 6.6 and 6.7-rc6.
• #417: Add support for RHEL 9.2 and 9.3.
• Debian#1046037: Add the "distclean" target to the kernel module Makefiles.
• Debian#1057703: Remove mime-support from build dependencies.
• Debian#1041856: Remove all links to jool.mx in the Debian package.

There have also been several patches in the joold code, but this is still an ongoing effort. You might want to abstain from using joold at the moment.

Improvements since 4.1.9:

• #382, #400: Clean up skb->tstamp during translation to prevent dropped packets.
• #401, #404: Improve validations for userspace requests.
• #405: Add support for kernels 6.2 and 6.3.
• #406, Debian#1029268: Modernize references to libxtables shared object functions.

Bugfixes since 4.1.8:

• #347: Allow new Jool binaries to interact with other binaries sharing the same major and minor number versions.
• #378: Fix randomly incomplete stats display table print.
• #379, #380, #395: Add support for kernels 5.17, 5.18, 5.19, 6.0, 6.1, RHEL8.6, RHEL8.7, RHEL9.0 and RHEL9.1. Drop support for RHEL8.5.
• #388, #389: Fix sample atomic configuration in the documentation.
• #391, #392: Update OpenWRT installation documentation.
• #396: Allow (and fix during translation, adding mandated padding) ICMP errors containing both ICMP extensions and internal packets measuring less than 128 bytes.

Improvements since 4.1.7:

• #366, #375: Fix checksums in Slow Path.
  This is a fairly critical bug; please upgrade. It affects packets that fulfill the following conditions:
  • IPv4-to-IPv6
  • Not ICMP error
  • Incoming packet’s DF was disabled
  • Packet was large, or GRO-aggregated
• Add validation to more verbosely reject IPv6 packets that contain more than one fragment header.
• Add validation to more verbosely reject fragmented (and not reassembled by nf_defrag_ipv*) ICMP errors.
  (Aside from being fairly illegal, these packets cannot be translated because the "ICMPv6 length" of the ICMP pseudoheader is unknown.)
• Bugfix: When routing TCP/UDP fragments, the code was including header ports even though nonzero fragment-offset packets lack TCP/UDP headers.
  This bug probably doesn't affect you, unless your routing is somehow port-based.

Improvements since 4.1.6:

• #372: iptables dependency now optional.

Improvements since 4.1.5:

• #362: Fix joold in kernels 5.10+.
• #363: Improve performance of EAMT table insertions during atomic configuration.
• #364: Tweak the TCP state machine so --handle-rst-during-fin-rcv works in both translation directions (IPv4 -> IPv6, IPv6 -> IPv4).
• #368: Fix kernel crash during pool4 flush.
• #369: Fix localhost traffic on Netfilter SIIT mode.
• #370: Fix ICMP errors bounced back as responses from echo requests or echo replies.
• Update the kernel support table.

Second release candidate of Jool 4.2.0 (MAP-T)

Bugfixes since 4.2.0-rc1:

• Patch some incorrect MAP-T address translations.
• Clean up unit tests.
• Internal API cleanups for Netlink.

Improvements since 4.1.4:

• #340: Patch several joold bugs.
• #345, #354: Improve some documentation.
• #350: Remove CAP_NET_ADMIN requirement from stats display.

First release candidate of Jool 4.2.0 (MAP-T)

Improvements since 4.1.3:

1. #341: Deprecate "blacklist4," add replacement "denylist4."
2. #342: Add /32 to the generic denylist again. (And remove secondary addresses, since nobody has actually requested them.)
3. #343: Clarify some documentation. (WIP)

I also largely rewrote the "intro-xlat" documentation page, to reflect the changes from the MAP-T branch.