Documentation > Miscellaneous > FAQ

Troubleshooting/FAQ

Index

  1. Error: Don’t know what to do: The packet I just received does not follow Jool’s protocol.
  2. Why is Jool not doing anything?
  3. Why is my ping not working?
  4. Jool is intermitently unable to translate traffic.
  5. The throughput is terrible!

Error: Don’t know what to do: The packet I just received does not follow Jool’s protocol.

Sorry; this error message is supposed to be

Version mismatch. The userspace client's version is X.X.X.X,
but the kernel module is Y.Y.Y.Y.
Please update the (userspace client|kernel module).

but, because of this bug, the relevant protocol details changed between Jool 4.1.4 and Jool 4.1.5.

The problem is that you updated either the userspace client or the kernel module, but not both.

You can check your userspace client version with

$ jool --version
X.X.X.X

And the kernel module version by querying dmesg after a successful modprobe:

$ sudo modprobe jool
$ dmesg -t | grep inserted
Jool: Core Jool vY.Y.Y.Y module inserted.
NAT64 Jool vY.Y.Y.Y module inserted.

Update either artifact by following the corresponding instructions.

Why is Jool not doing anything?

First off: As of Jool 4, modprobing the module is no longer enough. Did you create an instance?

If so, then try printing your instance’s active statistics:

user@T:~# jool -i "<Your instance's name>" stats display --explain
JSTAT_SUCCESS: 35
Successful translations. (Note: 'Successful translation' does not imply
that the packet was actually delivered.)

JSTAT_BIB_ENTRIES: 5
Number of BIB entries currently held in the BIB.

JSTAT_SESSIONS: 8
Number of session entries currently held in the BIB.

JSTAT_BIB4_NOT_FOUND: 1
Translations cancelled: IPv4 packet did not match a BIB entry from the
database.

JSTAT_FAILED_ROUTES: 1045
The translated packet could not be routed; the kernel's routing function
errored. Cause is unknown. (It usually happens because the packet's
destination address could not be found in the routing table.)

Given the output above, for example, I’d try looking into the routing table.

If stats proves insufficient, you can enable debug logging.

Why is my ping not working?

Probably because you started the ping on the same machine (or rather, network namespace) your translator instance is attached to.

At present, Netfilter Jool only hooks itself to PRE_ROUTING. It does not attach itself to LOCAL_OUT. This means it can only translate traffic that inbounds from some interface (physical or otherwise). It does not intercept packets sourced from its own network namespace.

Because iptables provides matching functionality, it makes more sense to attach iptables Jool instances to LOCAL_OUT. And AFAIK, there’s nothing stopping you from doing so. But don’t quote me; I haven’t tested it.

Jool is intermitently unable to translate traffic.

Did you run something in the lines of

ip addr flush dev eth1

?

Then you might have deleted the interface’s Link address.

Link addresses are used by several relevant IPv6 protocols. In particular, they are used by the Neighbor Discovery Protocol, which means if you don’t have them, the translating machine will have trouble finding its IPv6 neighbors.

Check the output of ip addr.

user@T:~$ /sbin/ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:83:d9:40 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:aaaa::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe83:d940/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:c6:01:48 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:bbbb::1/64 scope global tentative 
       valid_lft forever preferred_lft forever

Interface eth0 is correctly configured; it has both a “scope global” address (used for typical traffic) and a “scope link” address (used for internal management). Interface eth1 lacks a link address, and is therefore a headache inducer.

The easiest way to restore scope link addresses, we have found, is to just reset the interface:

ip link set eth1 down
ip link set eth1 up

Yes, I’m serious:

user@T:~$ /sbin/ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:83:d9:40 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:aaaa::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe83:d940/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:c6:01:48 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fec6:148/64 scope link 
       valid_lft forever preferred_lft forever

(Note, you need to add the global address again)

Also, for future reference, keep in mind that the “correct” way to flush an interface is

ip addr flush dev eth1 scope global

IPv4 doesn’t need link addresses that much.

The throughput is terrible!

Try disabling offloads.

If you’re running Jool in a guest virtual machine, something important to keep in mind is that you might rather or also have to disable offloads in the VM host’s uplink interface.

And please report that this happened to you. Because of recent developments, Jool should be offload-independent as of version 4.0.0.