1*10465441SEvalZero /**
2*10465441SEvalZero * NAT - NAT implementation for lwIP supporting TCP/UDP and ICMP.
3*10465441SEvalZero * Copyright (c) 2009 Christian Walter, ?Embedded Solutions, Vienna 2009.
4*10465441SEvalZero * Copyright (c) 2010 lwIP project ;-)
5*10465441SEvalZero * COPYRIGHT (C) 2015, RT-Thread Development Team
6*10465441SEvalZero * All rights reserved.
7*10465441SEvalZero *
8*10465441SEvalZero * Redistribution and use in source and binary forms, with or without modification,
9*10465441SEvalZero * are permitted provided that the following conditions are met:
10*10465441SEvalZero *
11*10465441SEvalZero * 1. Redistributions of source code must retain the above copyright notice,
12*10465441SEvalZero * this list of conditions and the following disclaimer.
13*10465441SEvalZero * 2. Redistributions in binary form must reproduce the above copyright notice,
14*10465441SEvalZero * this list of conditions and the following disclaimer in the documentation
15*10465441SEvalZero * and/or other materials provided with the distribution.
16*10465441SEvalZero * 3. The name of the author may not be used to endorse or promote products
17*10465441SEvalZero * derived from this software without specific prior written permission.
18*10465441SEvalZero *
19*10465441SEvalZero * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
20*10465441SEvalZero * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
21*10465441SEvalZero * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
22*10465441SEvalZero * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23*10465441SEvalZero * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
24*10465441SEvalZero * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25*10465441SEvalZero * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26*10465441SEvalZero * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27*10465441SEvalZero * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
28*10465441SEvalZero * OF SUCH DAMAGE.
29*10465441SEvalZero *
30*10465441SEvalZero * Change Logs:
31*10465441SEvalZero * Date Author Notes
32*10465441SEvalZero * 2015-01-26 Hichard porting to RT-Thread
33*10465441SEvalZero * 2015-01-27 Bernard code cleanup for lwIP in RT-Thread
34*10465441SEvalZero */
35*10465441SEvalZero
36*10465441SEvalZero /*
37*10465441SEvalZero * TODOS:
38*10465441SEvalZero * - we should decide if we want to use static tables for NAT or a linked
39*10465441SEvalZero * list.
40*10465441SEvalZero * - we should allocate icmp ping id if multiple clients are sending
41*10465441SEvalZero * ping requests.
42*10465441SEvalZero * - maybe we could hash the identifiers for TCP, ICMP and UDP and use
43*10465441SEvalZero * a single table structure. This would reduce the code amount although
44*10465441SEvalZero * it will cost performance.
45*10465441SEvalZero * - NAT code must check for broadcast addresses and NOT forward
46*10465441SEvalZero * them.
47*10465441SEvalZero *
48*10465441SEvalZero * - netif_remove must notify NAT code when a NAT'ed interface is removed
49*10465441SEvalZero * - allocate NAT entries from a new memp pool instead of the heap
50*10465441SEvalZero * - let ttl be ticks, not seconds
51*10465441SEvalZero *
52*10465441SEvalZero * HOWTO USE:
53*10465441SEvalZero *
54*10465441SEvalZero * Shows how to create NAT between a PPP interface and an internal NIC.
55*10465441SEvalZero * In this case the network 213.129.231.168/29 is nat'ed when packets
56*10465441SEvalZero * are sent to the destination network 10.0.0.0/24 (untypical example -
57*10465441SEvalZero * most users will have the other way around).
58*10465441SEvalZero *
59*10465441SEvalZero * Step 1) Execute when network interfaces are ready.
60*10465441SEvalZero *
61*10465441SEvalZero * new_nat_entry.out_if = (struct netif *)&PPP_IF;
62*10465441SEvalZero * new_nat_entry.in_if = (struct netif *)&EMAC_if;
63*10465441SEvalZero * IP4_ADDR(&new_nat_entry.source_net, 213, 129, 231, 168);
64*10465441SEvalZero * IP4_ADDR(&new_nat_entry.source_netmask, 255, 255, 255, 248);
65*10465441SEvalZero * IP4_ADDR(&new_nat_entry.dest_net, 10, 0, 0, 0);
66*10465441SEvalZero * IP4_ADDR(&new_nat_entry.source_netmask, 255, 0, 0, 0);
67*10465441SEvalZero * ip_nat_add(&new_nat_entry);
68*10465441SEvalZero */
69*10465441SEvalZero
70*10465441SEvalZero #include "ipv4_nat.h"
71*10465441SEvalZero #include "lwip/opt.h"
72*10465441SEvalZero
73*10465441SEvalZero #ifdef LWIP_USING_NAT
74*10465441SEvalZero
75*10465441SEvalZero #include "lwip/ip.h"
76*10465441SEvalZero #include "lwip/inet.h"
77*10465441SEvalZero #include "lwip/netif.h"
78*10465441SEvalZero #include "lwip/ip_addr.h"
79*10465441SEvalZero #include "lwip/icmp.h"
80*10465441SEvalZero #include "lwip/tcp_impl.h"
81*10465441SEvalZero #include "lwip/udp.h"
82*10465441SEvalZero #include "lwip/mem.h"
83*10465441SEvalZero #include "lwip/sys.h"
84*10465441SEvalZero #include "lwip/timers.h"
85*10465441SEvalZero #include "netif/etharp.h"
86*10465441SEvalZero
87*10465441SEvalZero #include <limits.h>
88*10465441SEvalZero #include <string.h>
89*10465441SEvalZero
90*10465441SEvalZero /** Define this to enable debug output of this module */
91*10465441SEvalZero #ifndef LWIP_NAT_DEBUG
92*10465441SEvalZero #define LWIP_NAT_DEBUG LWIP_DBG_OFF
93*10465441SEvalZero #endif
94*10465441SEvalZero
95*10465441SEvalZero #define LWIP_NAT_TTL_INFINITE (INT_MAX)
96*10465441SEvalZero #define LWIP_NAT_DEFAULT_TTL_SECONDS (128)
97*10465441SEvalZero #define LWIP_NAT_FORWARD_HEADER_SIZE_MIN (sizeof(struct eth_hdr))
98*10465441SEvalZero
99*10465441SEvalZero #define LWIP_NAT_DEFAULT_STATE_TABLES_ICMP (4)
100*10465441SEvalZero #define LWIP_NAT_DEFAULT_STATE_TABLES_TCP (32)
101*10465441SEvalZero #define LWIP_NAT_DEFAULT_STATE_TABLES_UDP (32)
102*10465441SEvalZero
103*10465441SEvalZero #define LWIP_NAT_DEFAULT_TCP_SOURCE_PORT (40000)
104*10465441SEvalZero #define LWIP_NAT_DEFAULT_UDP_SOURCE_PORT (40000)
105*10465441SEvalZero
106*10465441SEvalZero #define IPNAT_ENTRY_RESET(x) do { \
107*10465441SEvalZero (x)->ttl = 0; \
108*10465441SEvalZero } while(0)
109*10465441SEvalZero
110*10465441SEvalZero typedef struct ip_nat_conf
111*10465441SEvalZero {
112*10465441SEvalZero struct ip_nat_conf *next;
113*10465441SEvalZero ip_nat_entry_t entry;
114*10465441SEvalZero } ip_nat_conf_t;
115*10465441SEvalZero
116*10465441SEvalZero typedef struct ip_nat_entry_common
117*10465441SEvalZero {
118*10465441SEvalZero s32_t ttl; /* @todo: do we really need this to be signed?? */
119*10465441SEvalZero ip_addr_t source;
120*10465441SEvalZero ip_addr_t dest;
121*10465441SEvalZero ip_nat_conf_t *cfg;
122*10465441SEvalZero } ip_nat_entry_common_t;
123*10465441SEvalZero
124*10465441SEvalZero typedef struct ip_nat_entries_icmp
125*10465441SEvalZero {
126*10465441SEvalZero ip_nat_entry_common_t common;
127*10465441SEvalZero u16_t id;
128*10465441SEvalZero u16_t seqno;
129*10465441SEvalZero } ip_nat_entries_icmp_t;
130*10465441SEvalZero
131*10465441SEvalZero typedef struct ip_nat_entries_tcp
132*10465441SEvalZero {
133*10465441SEvalZero ip_nat_entry_common_t common;
134*10465441SEvalZero u16_t nport;
135*10465441SEvalZero u16_t sport;
136*10465441SEvalZero u16_t dport;
137*10465441SEvalZero } ip_nat_entries_tcp_t;
138*10465441SEvalZero
139*10465441SEvalZero typedef struct ip_nat_entries_udp
140*10465441SEvalZero {
141*10465441SEvalZero ip_nat_entry_common_t common;
142*10465441SEvalZero u16_t nport;
143*10465441SEvalZero u16_t sport;
144*10465441SEvalZero u16_t dport;
145*10465441SEvalZero } ip_nat_entries_udp_t;
146*10465441SEvalZero
147*10465441SEvalZero typedef union u_nat_entry
148*10465441SEvalZero {
149*10465441SEvalZero ip_nat_entry_common_t *cmn;
150*10465441SEvalZero ip_nat_entries_tcp_t *tcp;
151*10465441SEvalZero ip_nat_entries_icmp_t *icmp;
152*10465441SEvalZero ip_nat_entries_udp_t *udp;
153*10465441SEvalZero } nat_entry_t;
154*10465441SEvalZero
155*10465441SEvalZero static ip_nat_conf_t *ip_nat_cfg = NULL;
156*10465441SEvalZero static ip_nat_entries_icmp_t ip_nat_icmp_table[LWIP_NAT_DEFAULT_STATE_TABLES_ICMP];
157*10465441SEvalZero static ip_nat_entries_tcp_t ip_nat_tcp_table[LWIP_NAT_DEFAULT_STATE_TABLES_TCP];
158*10465441SEvalZero static ip_nat_entries_udp_t ip_nat_udp_table[LWIP_NAT_DEFAULT_STATE_TABLES_UDP];
159*10465441SEvalZero
160*10465441SEvalZero /* ----------------------- Static functions (COMMON) --------------------*/
161*10465441SEvalZero static void ip_nat_chksum_adjust(u8_t *chksum, const u8_t *optr, s16_t olen, const u8_t *nptr, s16_t nlen);
162*10465441SEvalZero static void ip_nat_cmn_init(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr,
163*10465441SEvalZero ip_nat_entry_common_t *nat_entry);
164*10465441SEvalZero static ip_nat_conf_t *ip_nat_shallnat(const struct ip_hdr *iphdr);
165*10465441SEvalZero static void ip_nat_reset_state(ip_nat_conf_t *cfg);
166*10465441SEvalZero
167*10465441SEvalZero /* ----------------------- Static functions (DEBUG) ---------------------*/
168*10465441SEvalZero #if defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON)
169*10465441SEvalZero static void ip_nat_dbg_dump(const char *msg, const struct ip_hdr *iphdr);
170*10465441SEvalZero static void ip_nat_dbg_dump_ip(const ip_addr_t *addr);
171*10465441SEvalZero static void ip_nat_dbg_dump_icmp_nat_entry(const char *msg, const ip_nat_entries_icmp_t *nat_entry);
172*10465441SEvalZero static void ip_nat_dbg_dump_tcp_nat_entry(const char *msg, const ip_nat_entries_tcp_t *nat_entry);
173*10465441SEvalZero static void ip_nat_dbg_dump_udp_nat_entry(const char *msg, const ip_nat_entries_udp_t *nat_entry);
174*10465441SEvalZero static void ip_nat_dbg_dump_init(ip_nat_conf_t *ip_nat_cfg_new);
175*10465441SEvalZero static void ip_nat_dbg_dump_remove(ip_nat_conf_t *cur);
176*10465441SEvalZero #else /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */
177*10465441SEvalZero #define ip_nat_dbg_dump(msg, iphdr)
178*10465441SEvalZero #define ip_nat_dbg_dump_ip(addr)
179*10465441SEvalZero #define ip_nat_dbg_dump_icmp_nat_entry(msg, nat_entry)
180*10465441SEvalZero #define ip_nat_dbg_dump_tcp_nat_entry(msg, nat_entry)
181*10465441SEvalZero #define ip_nat_dbg_dump_udp_nat_entry(msg, nat_entry)
182*10465441SEvalZero #define ip_nat_dbg_dump_init(ip_nat_cfg_new)
183*10465441SEvalZero #define ip_nat_dbg_dump_remove(cur)
184*10465441SEvalZero #endif /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */
185*10465441SEvalZero
186*10465441SEvalZero /* ----------------------- Static functions (TCP) -----------------------*/
187*10465441SEvalZero static ip_nat_entries_tcp_t *ip_nat_tcp_lookup_incoming(const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr);
188*10465441SEvalZero static ip_nat_entries_tcp_t *ip_nat_tcp_lookup_outgoing(ip_nat_conf_t *nat_config,
189*10465441SEvalZero const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr,
190*10465441SEvalZero u8_t allocate);
191*10465441SEvalZero
192*10465441SEvalZero /* ----------------------- Static functions (UDP) -----------------------*/
193*10465441SEvalZero static ip_nat_entries_udp_t *ip_nat_udp_lookup_incoming(const struct ip_hdr *iphdr, const struct udp_hdr *udphdr);
194*10465441SEvalZero static ip_nat_entries_udp_t *ip_nat_udp_lookup_outgoing(ip_nat_conf_t *nat_config,
195*10465441SEvalZero const struct ip_hdr *iphdr, const struct udp_hdr *udphdr,
196*10465441SEvalZero u8_t allocate);
197*10465441SEvalZero
198*10465441SEvalZero /**
199*10465441SEvalZero * Timer callback function that calls ip_nat_tmr() and reschedules itself.
200*10465441SEvalZero *
201*10465441SEvalZero * @param arg unused argument
202*10465441SEvalZero */
203*10465441SEvalZero static void
nat_timer(void * arg)204*10465441SEvalZero nat_timer(void *arg)
205*10465441SEvalZero {
206*10465441SEvalZero LWIP_UNUSED_ARG(arg);
207*10465441SEvalZero LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: nat_timer()\n"));
208*10465441SEvalZero
209*10465441SEvalZero ip_nat_tmr();
210*10465441SEvalZero sys_timeout(LWIP_NAT_TMR_INTERVAL_SEC * 1000, nat_timer, NULL);
211*10465441SEvalZero }
212*10465441SEvalZero
213*10465441SEvalZero /** Initialize this module */
214*10465441SEvalZero void
ip_nat_init(void)215*10465441SEvalZero ip_nat_init(void)
216*10465441SEvalZero {
217*10465441SEvalZero int i;
218*10465441SEvalZero extern void lwip_ip_input_set_hook(int (*hook)(struct pbuf *p, struct netif *inp));
219*10465441SEvalZero
220*10465441SEvalZero /* @todo: this can be omitted since we trust static variables
221*10465441SEvalZero to be initialized to zero */
222*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
223*10465441SEvalZero IPNAT_ENTRY_RESET(&ip_nat_icmp_table[i].common);
224*10465441SEvalZero }
225*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
226*10465441SEvalZero IPNAT_ENTRY_RESET(&ip_nat_tcp_table[i].common);
227*10465441SEvalZero }
228*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
229*10465441SEvalZero IPNAT_ENTRY_RESET(&ip_nat_udp_table[i].common);
230*10465441SEvalZero }
231*10465441SEvalZero
232*10465441SEvalZero /* we must lock scheduler to protect following code */
233*10465441SEvalZero rt_enter_critical();
234*10465441SEvalZero
235*10465441SEvalZero /* add a lwip timer for NAT */
236*10465441SEvalZero sys_timeout(LWIP_NAT_TMR_INTERVAL_SEC * 1000, nat_timer, NULL);
237*10465441SEvalZero
238*10465441SEvalZero /* un-protect */
239*10465441SEvalZero rt_exit_critical();
240*10465441SEvalZero }
241*10465441SEvalZero
242*10465441SEvalZero /** Allocate a new ip_nat_conf_t item */
243*10465441SEvalZero static ip_nat_conf_t*
ip_nat_alloc(void)244*10465441SEvalZero ip_nat_alloc(void)
245*10465441SEvalZero {
246*10465441SEvalZero ip_nat_conf_t *ret = (ip_nat_conf_t*)mem_malloc(sizeof(ip_nat_conf_t));
247*10465441SEvalZero return ret;
248*10465441SEvalZero }
249*10465441SEvalZero
250*10465441SEvalZero /** Free a removed ip_nat_conf_t item */
251*10465441SEvalZero static void
ip_nat_free(ip_nat_conf_t * item)252*10465441SEvalZero ip_nat_free(ip_nat_conf_t *item)
253*10465441SEvalZero {
254*10465441SEvalZero LWIP_ASSERT("item != NULL", item != NULL);
255*10465441SEvalZero mem_free(item);
256*10465441SEvalZero }
257*10465441SEvalZero
258*10465441SEvalZero /** Add a new NAT entry
259*10465441SEvalZero *
260*10465441SEvalZero * @param new_entry pointer to a structure used to initialize the entry
261*10465441SEvalZero * @return ERR_OK if succeeded
262*10465441SEvalZero */
263*10465441SEvalZero err_t
ip_nat_add(const ip_nat_entry_t * new_entry)264*10465441SEvalZero ip_nat_add(const ip_nat_entry_t *new_entry)
265*10465441SEvalZero {
266*10465441SEvalZero err_t err = ERR_VAL;
267*10465441SEvalZero ip_nat_conf_t *cur = ip_nat_cfg;
268*10465441SEvalZero ip_nat_conf_t *ip_nat_cfg_new = ip_nat_alloc();
269*10465441SEvalZero LWIP_ASSERT("new_entry != NULL", new_entry != NULL);
270*10465441SEvalZero
271*10465441SEvalZero if (ip_nat_cfg_new != NULL) {
272*10465441SEvalZero SMEMCPY(&ip_nat_cfg_new->entry, new_entry, sizeof(ip_nat_entry_t));
273*10465441SEvalZero ip_nat_cfg_new->next = NULL;
274*10465441SEvalZero
275*10465441SEvalZero ip_nat_dbg_dump_init(ip_nat_cfg_new);
276*10465441SEvalZero
277*10465441SEvalZero if (ip_nat_cfg == NULL) {
278*10465441SEvalZero ip_nat_cfg = ip_nat_cfg_new;
279*10465441SEvalZero } else {
280*10465441SEvalZero /* @todo: do we really need to enqueue the new entry at the end?? */
281*10465441SEvalZero while (cur->next != NULL) {
282*10465441SEvalZero cur = cur->next;
283*10465441SEvalZero }
284*10465441SEvalZero cur->next = ip_nat_cfg_new;
285*10465441SEvalZero }
286*10465441SEvalZero err = ERR_OK;
287*10465441SEvalZero } else {
288*10465441SEvalZero err = ERR_MEM;
289*10465441SEvalZero }
290*10465441SEvalZero return err;
291*10465441SEvalZero }
292*10465441SEvalZero
293*10465441SEvalZero /** Remove a NAT entry previously added by 'ip_nat_add()'.
294*10465441SEvalZero *
295*10465441SEvalZero * @param remove_entry describes the entry to remove
296*10465441SEvalZero */
297*10465441SEvalZero void
ip_nat_remove(const ip_nat_entry_t * remove_entry)298*10465441SEvalZero ip_nat_remove(const ip_nat_entry_t *remove_entry)
299*10465441SEvalZero {
300*10465441SEvalZero ip_nat_conf_t *cur = ip_nat_cfg;
301*10465441SEvalZero ip_nat_conf_t *next;
302*10465441SEvalZero ip_nat_conf_t *previous = NULL;
303*10465441SEvalZero
304*10465441SEvalZero while (cur != NULL) {
305*10465441SEvalZero /* Remove the NAT interfaces */
306*10465441SEvalZero if ((cur->entry.source_net.addr == remove_entry->source_net.addr) &&
307*10465441SEvalZero (cur->entry.source_netmask.addr == remove_entry->source_netmask.addr) &&
308*10465441SEvalZero (cur->entry.dest_net.addr == remove_entry->dest_net.addr) &&
309*10465441SEvalZero (cur->entry.dest_netmask.addr == remove_entry->dest_netmask.addr) &&
310*10465441SEvalZero (cur->entry.out_if == remove_entry->out_if) &&
311*10465441SEvalZero (cur->entry.in_if == remove_entry->in_if))
312*10465441SEvalZero {
313*10465441SEvalZero ip_nat_dbg_dump_remove(cur);
314*10465441SEvalZero
315*10465441SEvalZero ip_nat_reset_state(cur);
316*10465441SEvalZero next = cur->next;
317*10465441SEvalZero if (cur == ip_nat_cfg) {
318*10465441SEvalZero ip_nat_cfg = next;
319*10465441SEvalZero } else {
320*10465441SEvalZero LWIP_ASSERT("NULL != previous", NULL != previous);
321*10465441SEvalZero previous->next = next;
322*10465441SEvalZero }
323*10465441SEvalZero /* free 'cur' or there will be a memory leak */
324*10465441SEvalZero ip_nat_free(cur);
325*10465441SEvalZero return;
326*10465441SEvalZero } else {
327*10465441SEvalZero previous = cur;
328*10465441SEvalZero cur = cur->next;
329*10465441SEvalZero }
330*10465441SEvalZero }
331*10465441SEvalZero }
332*10465441SEvalZero
333*10465441SEvalZero /** Reset a NAT configured entry to be reused.
334*10465441SEvalZero * Effectively calls IPNAT_ENTRY_RESET() on 'cfg'.
335*10465441SEvalZero *
336*10465441SEvalZero * @param cfg NAT entry to reset
337*10465441SEvalZero */
338*10465441SEvalZero static void
ip_nat_reset_state(ip_nat_conf_t * cfg)339*10465441SEvalZero ip_nat_reset_state(ip_nat_conf_t *cfg)
340*10465441SEvalZero {
341*10465441SEvalZero int i;
342*10465441SEvalZero
343*10465441SEvalZero /* @todo: optimize this!!!
344*10465441SEvalZero why do we search for it anyway, if we have the pointer??? */
345*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
346*10465441SEvalZero if(ip_nat_icmp_table[i].common.cfg == cfg) {
347*10465441SEvalZero IPNAT_ENTRY_RESET(&ip_nat_icmp_table[i].common);
348*10465441SEvalZero }
349*10465441SEvalZero }
350*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
351*10465441SEvalZero if(ip_nat_tcp_table[i].common.cfg == cfg) {
352*10465441SEvalZero IPNAT_ENTRY_RESET(&ip_nat_tcp_table[i].common);
353*10465441SEvalZero }
354*10465441SEvalZero }
355*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
356*10465441SEvalZero if(ip_nat_udp_table[i].common.cfg == cfg) {
357*10465441SEvalZero IPNAT_ENTRY_RESET(&ip_nat_udp_table[i].common);
358*10465441SEvalZero }
359*10465441SEvalZero }
360*10465441SEvalZero }
361*10465441SEvalZero
362*10465441SEvalZero /** Check if this packet should be routed or should be translated
363*10465441SEvalZero *
364*10465441SEvalZero * @param iphdr the IP header to check
365*10465441SEvalZero * @return - a NAT entry if the packet shall be translated,
366*10465441SEvalZero * - NULL if the packet shall be routed normally
367*10465441SEvalZero */
368*10465441SEvalZero static ip_nat_conf_t *
ip_nat_shallnat(const struct ip_hdr * iphdr)369*10465441SEvalZero ip_nat_shallnat(const struct ip_hdr *iphdr)
370*10465441SEvalZero {
371*10465441SEvalZero ip_nat_conf_t *nat_config = ip_nat_cfg;
372*10465441SEvalZero
373*10465441SEvalZero for (nat_config = ip_nat_cfg; nat_config != NULL; nat_config = nat_config->next) {
374*10465441SEvalZero if (ip_addr_netcmp(&(iphdr->dest), &(nat_config->entry.dest_net),
375*10465441SEvalZero &(nat_config->entry.dest_netmask)) ||
376*10465441SEvalZero ip_addr_netcmp(&(iphdr->src), &(nat_config->entry.source_net),
377*10465441SEvalZero &(nat_config->entry.source_netmask))) {
378*10465441SEvalZero break;
379*10465441SEvalZero }
380*10465441SEvalZero }
381*10465441SEvalZero
382*10465441SEvalZero return nat_config;
383*10465441SEvalZero }
384*10465441SEvalZero
385*10465441SEvalZero /** Check if the IP header can be hidden and if the remaining packet
386*10465441SEvalZero * is long enough. p->payload is reset to the IP header on return.
387*10465441SEvalZero *
388*10465441SEvalZero * @param p received packet, p->payload pointing to IP header
389*10465441SEvalZero * @param min_size minimum p->tot_len after hiding IP header
390*10465441SEvalZero * @return a pointer to the next header (after IP header),
391*10465441SEvalZero * NULL if hiding IP header fails or the packet is too short
392*10465441SEvalZero */
393*10465441SEvalZero static void*
ip_nat_check_header(struct pbuf * p,u16_t min_size)394*10465441SEvalZero ip_nat_check_header(struct pbuf *p, u16_t min_size)
395*10465441SEvalZero {
396*10465441SEvalZero void *ret = NULL;
397*10465441SEvalZero struct ip_hdr *iphdr = (struct ip_hdr*)p->payload;
398*10465441SEvalZero s16_t iphdr_len = IPH_HL(iphdr) * 4;
399*10465441SEvalZero
400*10465441SEvalZero if(!pbuf_header(p, -iphdr_len)) {
401*10465441SEvalZero if(p->tot_len >= min_size) {
402*10465441SEvalZero ret = p->payload;
403*10465441SEvalZero }
404*10465441SEvalZero /* Restore pbuf payload pointer from previous header check. */
405*10465441SEvalZero pbuf_header(p, iphdr_len);
406*10465441SEvalZero }
407*10465441SEvalZero return ret;
408*10465441SEvalZero }
409*10465441SEvalZero
410*10465441SEvalZero /** Input processing: check if a received packet belongs to a NAT entry
411*10465441SEvalZero * and if so, translated it and send it on.
412*10465441SEvalZero *
413*10465441SEvalZero * @param p received packet
414*10465441SEvalZero * @return 1 if the packet has been consumed (it was a NAT packet),
415*10465441SEvalZero * 0 if the packet has not been consumed (no NAT packet)
416*10465441SEvalZero */
417*10465441SEvalZero u8_t
ip_nat_input(struct pbuf * p)418*10465441SEvalZero ip_nat_input(struct pbuf *p)
419*10465441SEvalZero {
420*10465441SEvalZero struct ip_hdr *iphdr = (struct ip_hdr*)p->payload;
421*10465441SEvalZero struct tcp_hdr *tcphdr;
422*10465441SEvalZero struct udp_hdr *udphdr;
423*10465441SEvalZero struct icmp_echo_hdr *icmphdr;
424*10465441SEvalZero nat_entry_t nat_entry;
425*10465441SEvalZero err_t err;
426*10465441SEvalZero u8_t consumed = 0;
427*10465441SEvalZero int i;
428*10465441SEvalZero struct pbuf *q = NULL;
429*10465441SEvalZero
430*10465441SEvalZero nat_entry.cmn = NULL;
431*10465441SEvalZero ip_nat_dbg_dump("ip_nat_in: checking nat for", iphdr);
432*10465441SEvalZero
433*10465441SEvalZero switch (IPH_PROTO(iphdr)) {
434*10465441SEvalZero case IP_PROTO_TCP:
435*10465441SEvalZero tcphdr = (struct tcp_hdr*)ip_nat_check_header(p, sizeof(struct tcp_hdr));
436*10465441SEvalZero if (tcphdr == NULL) {
437*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: short tcp packet (%" U16_F " bytes) discarded\n", p->tot_len));
438*10465441SEvalZero } else {
439*10465441SEvalZero nat_entry.tcp = ip_nat_tcp_lookup_incoming(iphdr, tcphdr);
440*10465441SEvalZero if (nat_entry.tcp != NULL) {
441*10465441SEvalZero /* Refresh TCP entry */
442*10465441SEvalZero nat_entry.tcp->common.ttl = LWIP_NAT_DEFAULT_TTL_SECONDS;
443*10465441SEvalZero tcphdr->dest = nat_entry.tcp->sport;
444*10465441SEvalZero /* Adjust TCP checksum for changed destination port */
445*10465441SEvalZero ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum),
446*10465441SEvalZero (u8_t *)&(nat_entry.tcp->nport), 2, (u8_t *)&(tcphdr->dest), 2);
447*10465441SEvalZero /* Adjust TCP checksum for changing dest IP address */
448*10465441SEvalZero ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum),
449*10465441SEvalZero (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4,
450*10465441SEvalZero (u8_t *)&(nat_entry.cmn->source.addr), 4);
451*10465441SEvalZero
452*10465441SEvalZero consumed = 1;
453*10465441SEvalZero }
454*10465441SEvalZero }
455*10465441SEvalZero break;
456*10465441SEvalZero
457*10465441SEvalZero case IP_PROTO_UDP:
458*10465441SEvalZero udphdr = (struct udp_hdr *)ip_nat_check_header(p, sizeof(struct udp_hdr));
459*10465441SEvalZero if (udphdr == NULL) {
460*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG,
461*10465441SEvalZero ("ip_nat_input: short udp packet (%" U16_F " bytes) discarded\n",
462*10465441SEvalZero p->tot_len));
463*10465441SEvalZero } else {
464*10465441SEvalZero nat_entry.udp = ip_nat_udp_lookup_incoming(iphdr, udphdr);
465*10465441SEvalZero if (nat_entry.udp != NULL) {
466*10465441SEvalZero /* Refresh UDP entry */
467*10465441SEvalZero nat_entry.udp->common.ttl = LWIP_NAT_DEFAULT_TTL_SECONDS;
468*10465441SEvalZero udphdr->dest = nat_entry.udp->sport;
469*10465441SEvalZero /* Adjust UDP checksum for changed destination port */
470*10465441SEvalZero ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum),
471*10465441SEvalZero (u8_t *)&(nat_entry.udp->nport), 2, (u8_t *)&(udphdr->dest), 2);
472*10465441SEvalZero /* Adjust UDP checksum for changing dest IP address */
473*10465441SEvalZero ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum),
474*10465441SEvalZero (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4,
475*10465441SEvalZero (u8_t *)&(nat_entry.cmn->source.addr), 4);
476*10465441SEvalZero
477*10465441SEvalZero consumed = 1;
478*10465441SEvalZero }
479*10465441SEvalZero }
480*10465441SEvalZero break;
481*10465441SEvalZero
482*10465441SEvalZero case IP_PROTO_ICMP:
483*10465441SEvalZero icmphdr = (struct icmp_echo_hdr *)ip_nat_check_header(p, sizeof(struct icmp_echo_hdr));
484*10465441SEvalZero if (icmphdr == NULL) {
485*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG,
486*10465441SEvalZero ("ip_nat_out: short icmp echo reply packet (%" U16_F " bytes) discarded\n",
487*10465441SEvalZero p->tot_len));
488*10465441SEvalZero } else {
489*10465441SEvalZero if (ICMP_ER == ICMPH_TYPE(icmphdr)) {
490*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
491*10465441SEvalZero nat_entry.icmp = &ip_nat_icmp_table[i];
492*10465441SEvalZero if ((nat_entry.icmp->common.ttl) &&
493*10465441SEvalZero (iphdr->src.addr == nat_entry.icmp->common.dest.addr) &&
494*10465441SEvalZero (nat_entry.icmp->id == icmphdr->id) &&
495*10465441SEvalZero (nat_entry.icmp->seqno == icmphdr->seqno)) {
496*10465441SEvalZero ip_nat_dbg_dump_icmp_nat_entry("found existing nat entry: ", nat_entry.icmp);
497*10465441SEvalZero consumed = 1;
498*10465441SEvalZero IPNAT_ENTRY_RESET(nat_entry.cmn);
499*10465441SEvalZero break;
500*10465441SEvalZero }
501*10465441SEvalZero }
502*10465441SEvalZero }
503*10465441SEvalZero }
504*10465441SEvalZero break;
505*10465441SEvalZero
506*10465441SEvalZero default:
507*10465441SEvalZero break;
508*10465441SEvalZero }
509*10465441SEvalZero
510*10465441SEvalZero if(consumed) {
511*10465441SEvalZero /* packet consumed, send it out on in_if */
512*10465441SEvalZero struct netif *in_if;
513*10465441SEvalZero
514*10465441SEvalZero /* check if the pbuf has room for link headers */
515*10465441SEvalZero if (pbuf_header(p, PBUF_LINK_HLEN)) {
516*10465441SEvalZero /* pbuf has no room for link headers, allocate an extra pbuf */
517*10465441SEvalZero q = pbuf_alloc(PBUF_LINK, 0, PBUF_RAM);
518*10465441SEvalZero if (q == NULL) {
519*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: no pbuf for outgoing header\n"));
520*10465441SEvalZero // rt_kprintf("ip_nat_input: no pbuf for outgoing header\n");
521*10465441SEvalZero /* @todo: stats? */
522*10465441SEvalZero pbuf_free(p);
523*10465441SEvalZero p = NULL;
524*10465441SEvalZero return 1;
525*10465441SEvalZero } else {
526*10465441SEvalZero pbuf_cat(q, p);
527*10465441SEvalZero }
528*10465441SEvalZero } else {
529*10465441SEvalZero /* restore p->payload to IP header */
530*10465441SEvalZero if (pbuf_header(p, -PBUF_LINK_HLEN)) {
531*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: restoring header failed\n"));
532*10465441SEvalZero // rt_kprintf("ip_nat_input: restoring header failed\n");
533*10465441SEvalZero /* @todo: stats? */
534*10465441SEvalZero pbuf_free(p);
535*10465441SEvalZero p = NULL;
536*10465441SEvalZero return 1;
537*10465441SEvalZero }
538*10465441SEvalZero else q = p;
539*10465441SEvalZero }
540*10465441SEvalZero /* if we come here, q is the pbuf to send (either points to p or to a chain) */
541*10465441SEvalZero in_if = nat_entry.cmn->cfg->entry.in_if;
542*10465441SEvalZero iphdr->dest.addr = nat_entry.cmn->source.addr;
543*10465441SEvalZero ip_nat_chksum_adjust((u8_t *) & IPH_CHKSUM(iphdr),
544*10465441SEvalZero (u8_t *) & (nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4,
545*10465441SEvalZero (u8_t *) & (iphdr->dest.addr), 4);
546*10465441SEvalZero
547*10465441SEvalZero ip_nat_dbg_dump("ip_nat_input: packet back to source after nat: ", iphdr);
548*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: sending packet on interface ("));
549*10465441SEvalZero ip_nat_dbg_dump_ip(&(in_if->ip_addr));
550*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));
551*10465441SEvalZero
552*10465441SEvalZero err = in_if->output(in_if, q, (ip_addr_t *)&(iphdr->dest));
553*10465441SEvalZero if(err != ERR_OK) {
554*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG,
555*10465441SEvalZero ("ip_nat_input: failed to send rewritten packet. link layer returned %d\n",
556*10465441SEvalZero err));
557*10465441SEvalZero // rt_kprintf("ip_nat_input: failed to send rewritten packet. link layer returned %d\n", err);
558*10465441SEvalZero }
559*10465441SEvalZero /* now that q (and/or p) is sent (or not), give up the reference to it
560*10465441SEvalZero this frees the input pbuf (p) as we have consumed it. */
561*10465441SEvalZero pbuf_free(q);
562*10465441SEvalZero }
563*10465441SEvalZero return consumed;
564*10465441SEvalZero }
565*10465441SEvalZero
566*10465441SEvalZero /** Check if one NAT entry timed out */
567*10465441SEvalZero static void
ip_nat_check_timeout(ip_nat_entry_common_t * nat_entry)568*10465441SEvalZero ip_nat_check_timeout(ip_nat_entry_common_t *nat_entry)
569*10465441SEvalZero {
570*10465441SEvalZero if(nat_entry->ttl > 0) {
571*10465441SEvalZero if(nat_entry->ttl != LWIP_NAT_TTL_INFINITE) {
572*10465441SEvalZero /* this is not a 'no-timeout' entry */
573*10465441SEvalZero if(nat_entry->ttl > LWIP_NAT_TMR_INTERVAL_SEC) {
574*10465441SEvalZero nat_entry->ttl -= LWIP_NAT_TMR_INTERVAL_SEC;
575*10465441SEvalZero } else {
576*10465441SEvalZero nat_entry->ttl = 0;
577*10465441SEvalZero }
578*10465441SEvalZero }
579*10465441SEvalZero }
580*10465441SEvalZero }
581*10465441SEvalZero
582*10465441SEvalZero /** The NAT timer function, to be called at an interval of
583*10465441SEvalZero * LWIP_NAT_TMR_INTERVAL_SEC seconds.
584*10465441SEvalZero */
585*10465441SEvalZero void
ip_nat_tmr(void)586*10465441SEvalZero ip_nat_tmr(void)
587*10465441SEvalZero {
588*10465441SEvalZero int i;
589*10465441SEvalZero
590*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_tmr: removing old entries\n"));
591*10465441SEvalZero
592*10465441SEvalZero for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
593*10465441SEvalZero ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_icmp_table[i]);
594*10465441SEvalZero }
595*10465441SEvalZero for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
596*10465441SEvalZero ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_tcp_table[i]);
597*10465441SEvalZero }
598*10465441SEvalZero for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
599*10465441SEvalZero ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_udp_table[i]);
600*10465441SEvalZero }
601*10465441SEvalZero }
602*10465441SEvalZero
603*10465441SEvalZero /** Check if we want to perform NAT with this packet. If so, send it out on
604*10465441SEvalZero * the correct interface.
605*10465441SEvalZero *
606*10465441SEvalZero * @param p the packet to test/send
607*10465441SEvalZero * @return 1: the packet has been sent using NAT,
608*10465441SEvalZero * 0: the packet did not belong to a NAT entry
609*10465441SEvalZero */
610*10465441SEvalZero u8_t
ip_nat_out(struct pbuf * p)611*10465441SEvalZero ip_nat_out(struct pbuf *p)
612*10465441SEvalZero {
613*10465441SEvalZero u8_t sent = 0;
614*10465441SEvalZero err_t err;
615*10465441SEvalZero struct ip_hdr *iphdr = p->payload;
616*10465441SEvalZero struct icmp_echo_hdr *icmphdr;
617*10465441SEvalZero struct tcp_hdr *tcphdr;
618*10465441SEvalZero struct udp_hdr *udphdr;
619*10465441SEvalZero ip_nat_conf_t *nat_config;
620*10465441SEvalZero nat_entry_t nat_entry;
621*10465441SEvalZero int i;
622*10465441SEvalZero
623*10465441SEvalZero nat_entry.cmn = NULL;
624*10465441SEvalZero
625*10465441SEvalZero ip_nat_dbg_dump("ip_nat_out: checking nat for", iphdr);
626*10465441SEvalZero
627*10465441SEvalZero /* Check if this packet should be routed or should be translated */
628*10465441SEvalZero nat_config = ip_nat_shallnat(iphdr);
629*10465441SEvalZero if (nat_config != NULL ) {
630*10465441SEvalZero if (nat_config->entry.out_if == NULL) {
631*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: no external interface for nat table entry\n"));
632*10465441SEvalZero } else {
633*10465441SEvalZero switch (IPH_PROTO(iphdr))
634*10465441SEvalZero {
635*10465441SEvalZero case IP_PROTO_TCP:
636*10465441SEvalZero tcphdr = (struct tcp_hdr *)ip_nat_check_header(p, sizeof(struct tcp_hdr));
637*10465441SEvalZero if (tcphdr == NULL) {
638*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG,
639*10465441SEvalZero ("ip_nat_out: short tcp packet (%" U16_F " bytes) discarded\n", p->tot_len));
640*10465441SEvalZero } else {
641*10465441SEvalZero nat_entry.tcp = ip_nat_tcp_lookup_outgoing(nat_config, iphdr, tcphdr, 1);
642*10465441SEvalZero if (nat_entry.tcp != NULL) {
643*10465441SEvalZero /* Adjust TCP checksum for changing source port */
644*10465441SEvalZero tcphdr->src = nat_entry.tcp->nport;
645*10465441SEvalZero ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum),
646*10465441SEvalZero (u8_t *)&(nat_entry.tcp->sport), 2, (u8_t *)&(tcphdr->src), 2);
647*10465441SEvalZero /* Adjust TCP checksum for changing source IP address */
648*10465441SEvalZero ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum),
649*10465441SEvalZero (u8_t *)&(nat_entry.cmn->source.addr), 4,
650*10465441SEvalZero (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4);
651*10465441SEvalZero }
652*10465441SEvalZero }
653*10465441SEvalZero break;
654*10465441SEvalZero
655*10465441SEvalZero case IP_PROTO_UDP:
656*10465441SEvalZero udphdr = (struct udp_hdr *)ip_nat_check_header(p, sizeof(struct udp_hdr));
657*10465441SEvalZero if (udphdr == NULL) {
658*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG,
659*10465441SEvalZero ("ip_nat_out: short udp packet (%" U16_F " bytes) discarded\n", p->tot_len));
660*10465441SEvalZero } else {
661*10465441SEvalZero nat_entry.udp = ip_nat_udp_lookup_outgoing(nat_config, iphdr, udphdr, 1);
662*10465441SEvalZero if (nat_entry.udp != NULL) {
663*10465441SEvalZero /* Adjust UDP checksum for changing source port */
664*10465441SEvalZero udphdr->src = nat_entry.udp->nport;
665*10465441SEvalZero ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum),
666*10465441SEvalZero (u8_t *)&(nat_entry.udp->sport), 2, (u8_t *) & (udphdr->src), 2);
667*10465441SEvalZero /* Adjust UDP checksum for changing source IP address */
668*10465441SEvalZero ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum),
669*10465441SEvalZero (u8_t *)&(nat_entry.cmn->source.addr), 4,
670*10465441SEvalZero (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4);
671*10465441SEvalZero }
672*10465441SEvalZero }
673*10465441SEvalZero break;
674*10465441SEvalZero
675*10465441SEvalZero case IP_PROTO_ICMP:
676*10465441SEvalZero icmphdr = (struct icmp_echo_hdr *)ip_nat_check_header(p, sizeof(struct icmp_echo_hdr));
677*10465441SEvalZero if(icmphdr == NULL) {
678*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG,
679*10465441SEvalZero ("ip_nat_out: short icmp echo packet (%" U16_F " bytes) discarded\n", p->tot_len));
680*10465441SEvalZero } else {
681*10465441SEvalZero if (ICMPH_TYPE(icmphdr) == ICMP_ECHO) {
682*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
683*10465441SEvalZero if (!ip_nat_icmp_table[i].common.ttl) {
684*10465441SEvalZero nat_entry.icmp = &ip_nat_icmp_table[i];
685*10465441SEvalZero ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn);
686*10465441SEvalZero nat_entry.icmp->id = icmphdr->id;
687*10465441SEvalZero nat_entry.icmp->seqno = icmphdr->seqno;
688*10465441SEvalZero ip_nat_dbg_dump_icmp_nat_entry(" ip_nat_out: created new NAT entry ", nat_entry.icmp);
689*10465441SEvalZero break;
690*10465441SEvalZero }
691*10465441SEvalZero }
692*10465441SEvalZero if (NULL == nat_entry.icmp)
693*10465441SEvalZero {
694*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: no more NAT entries for ICMP available\n"));
695*10465441SEvalZero }
696*10465441SEvalZero }
697*10465441SEvalZero }
698*10465441SEvalZero break;
699*10465441SEvalZero default:
700*10465441SEvalZero break;
701*10465441SEvalZero }
702*10465441SEvalZero
703*10465441SEvalZero if (nat_entry.cmn != NULL) {
704*10465441SEvalZero struct netif *out_if = nat_entry.cmn->cfg->entry.out_if;
705*10465441SEvalZero /* Exchange the IP source address with the address of the interface
706*10465441SEvalZero * where the packet will be sent.
707*10465441SEvalZero */
708*10465441SEvalZero /* @todo: check nat_config->entry.out_if agains nat_entry.cmn->cfg->entry.out_if */
709*10465441SEvalZero iphdr->src.addr = nat_config->entry.out_if->ip_addr.addr;
710*10465441SEvalZero ip_nat_chksum_adjust((u8_t *) & IPH_CHKSUM(iphdr),
711*10465441SEvalZero (u8_t *) & (nat_entry.cmn->source.addr), 4, (u8_t *) & iphdr->src.addr, 4);
712*10465441SEvalZero
713*10465441SEvalZero ip_nat_dbg_dump("ip_nat_out: rewritten packet", iphdr);
714*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: sending packet on interface ("));
715*10465441SEvalZero ip_nat_dbg_dump_ip(&(out_if->ip_addr));
716*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));
717*10465441SEvalZero
718*10465441SEvalZero err = out_if->output(out_if, p, (ip_addr_t *)&(iphdr->dest));
719*10465441SEvalZero if (err != ERR_OK) {
720*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG,
721*10465441SEvalZero ("ip_nat_out: failed to send rewritten packet. link layer returned %d\n", err));
722*10465441SEvalZero // rt_kprintf("ip_nat_out: failed to send rewritten packet. link layer returned %d\n", err);
723*10465441SEvalZero } else {
724*10465441SEvalZero sent = 1;
725*10465441SEvalZero }
726*10465441SEvalZero }
727*10465441SEvalZero }
728*10465441SEvalZero }
729*10465441SEvalZero
730*10465441SEvalZero return sent;
731*10465441SEvalZero }
732*10465441SEvalZero
733*10465441SEvalZero /** Initialize common parts of a NAT entry
734*10465441SEvalZero *
735*10465441SEvalZero * @param nat_config NAT config entry
736*10465441SEvalZero * @param iphdr IP header from which to initialize the entry
737*10465441SEvalZero * @param nat_entry entry to initialize
738*10465441SEvalZero */
739*10465441SEvalZero static void
ip_nat_cmn_init(ip_nat_conf_t * nat_config,const struct ip_hdr * iphdr,ip_nat_entry_common_t * nat_entry)740*10465441SEvalZero ip_nat_cmn_init(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr, ip_nat_entry_common_t *nat_entry)
741*10465441SEvalZero {
742*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry);
743*10465441SEvalZero LWIP_ASSERT("NULL != nat_config", NULL != nat_config);
744*10465441SEvalZero LWIP_ASSERT("NULL != iphdr", NULL != iphdr);
745*10465441SEvalZero nat_entry->cfg = nat_config;
746*10465441SEvalZero nat_entry->dest = *((ip_addr_t *)&iphdr->dest);
747*10465441SEvalZero nat_entry->source = *((ip_addr_t *)&iphdr->src);
748*10465441SEvalZero nat_entry->ttl = LWIP_NAT_DEFAULT_TTL_SECONDS;
749*10465441SEvalZero }
750*10465441SEvalZero
751*10465441SEvalZero /**
752*10465441SEvalZero * This function checks for incoming packets if we already have a NAT entry.
753*10465441SEvalZero * If yes a pointer to the NAT entry is returned. Otherwise NULL.
754*10465441SEvalZero *
755*10465441SEvalZero * @param nat_config NAT configuration.
756*10465441SEvalZero * @param iphdr The IP header.
757*10465441SEvalZero * @param udphdr The UDP header.
758*10465441SEvalZero * @return A pointer to an existing NAT entry or
759*10465441SEvalZero * NULL if none is found.
760*10465441SEvalZero */
761*10465441SEvalZero static ip_nat_entries_udp_t *
ip_nat_udp_lookup_incoming(const struct ip_hdr * iphdr,const struct udp_hdr * udphdr)762*10465441SEvalZero ip_nat_udp_lookup_incoming(const struct ip_hdr *iphdr, const struct udp_hdr *udphdr)
763*10465441SEvalZero {
764*10465441SEvalZero int i;
765*10465441SEvalZero ip_nat_entries_udp_t *nat_entry = NULL;
766*10465441SEvalZero
767*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
768*10465441SEvalZero if (ip_nat_udp_table[i].common.ttl) {
769*10465441SEvalZero if ((iphdr->src.addr == ip_nat_udp_table[i].common.dest.addr) &&
770*10465441SEvalZero (udphdr->src == ip_nat_udp_table[i].dport) &&
771*10465441SEvalZero (udphdr->dest == ip_nat_udp_table[i].nport)) {
772*10465441SEvalZero nat_entry = &ip_nat_udp_table[i];
773*10465441SEvalZero ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_incoming: found existing nat entry: ",
774*10465441SEvalZero nat_entry);
775*10465441SEvalZero break;
776*10465441SEvalZero }
777*10465441SEvalZero }
778*10465441SEvalZero }
779*10465441SEvalZero return nat_entry;
780*10465441SEvalZero }
781*10465441SEvalZero
782*10465441SEvalZero /**
783*10465441SEvalZero * This function checks if we already have a NAT entry for this UDP connection.
784*10465441SEvalZero * If yes the a pointer to this NAT entry is returned.
785*10465441SEvalZero *
786*10465441SEvalZero * @param iphdr The IP header.
787*10465441SEvalZero * @param udphdr The UDP header.
788*10465441SEvalZero * @param allocate If no existing NAT entry is found and this flag is true
789*10465441SEvalZero * a NAT entry is allocated.
790*10465441SEvalZero */
791*10465441SEvalZero static ip_nat_entries_udp_t *
ip_nat_udp_lookup_outgoing(ip_nat_conf_t * nat_config,const struct ip_hdr * iphdr,const struct udp_hdr * udphdr,u8_t allocate)792*10465441SEvalZero ip_nat_udp_lookup_outgoing(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr,
793*10465441SEvalZero const struct udp_hdr *udphdr, u8_t allocate)
794*10465441SEvalZero {
795*10465441SEvalZero int i;
796*10465441SEvalZero nat_entry_t nat_entry;
797*10465441SEvalZero int last_free = -1;
798*10465441SEvalZero
799*10465441SEvalZero nat_entry.cmn = NULL;
800*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
801*10465441SEvalZero if (ip_nat_udp_table[i].common.ttl) {
802*10465441SEvalZero if ((iphdr->src.addr == ip_nat_udp_table[i].common.source.addr) &&
803*10465441SEvalZero (iphdr->dest.addr == ip_nat_udp_table[i].common.dest.addr) &&
804*10465441SEvalZero (udphdr->src == ip_nat_udp_table[i].sport) &&
805*10465441SEvalZero (udphdr->dest == ip_nat_udp_table[i].dport)) {
806*10465441SEvalZero nat_entry.udp = &ip_nat_udp_table[i];
807*10465441SEvalZero
808*10465441SEvalZero ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_outgoing: found existing nat entry: ",
809*10465441SEvalZero nat_entry.udp);
810*10465441SEvalZero break;
811*10465441SEvalZero }
812*10465441SEvalZero } else {
813*10465441SEvalZero last_free = i;
814*10465441SEvalZero }
815*10465441SEvalZero }
816*10465441SEvalZero if (nat_entry.cmn == NULL) {
817*10465441SEvalZero if (allocate) {
818*10465441SEvalZero if (last_free != -1) {
819*10465441SEvalZero nat_entry.udp = &ip_nat_udp_table[last_free];
820*10465441SEvalZero nat_entry.udp->nport = htons((u16_t) (LWIP_NAT_DEFAULT_UDP_SOURCE_PORT + i));
821*10465441SEvalZero nat_entry.udp->sport = udphdr->src;
822*10465441SEvalZero nat_entry.udp->dport = udphdr->dest;
823*10465441SEvalZero ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn);
824*10465441SEvalZero
825*10465441SEvalZero ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_outgoing: created new nat entry: ",
826*10465441SEvalZero nat_entry.udp);
827*10465441SEvalZero } else {
828*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_udp_lookup_outgoing: no more NAT entries available\n"));
829*10465441SEvalZero // rt_kprintf("ip_nat_udp_lookup_outgoing: no more NAT entries available\n");
830*10465441SEvalZero }
831*10465441SEvalZero }
832*10465441SEvalZero }
833*10465441SEvalZero return nat_entry.udp;
834*10465441SEvalZero }
835*10465441SEvalZero
836*10465441SEvalZero /**
837*10465441SEvalZero * This function checks for incoming packets if we already have a NAT entry.
838*10465441SEvalZero * If yes a pointer to the NAT entry is returned. Otherwise NULL.
839*10465441SEvalZero *
840*10465441SEvalZero * @param nat_config NAT configuration.
841*10465441SEvalZero * @param iphdr The IP header.
842*10465441SEvalZero * @param tcphdr The TCP header.
843*10465441SEvalZero * @return A pointer to an existing NAT entry or NULL if none is found.
844*10465441SEvalZero */
845*10465441SEvalZero static ip_nat_entries_tcp_t *
ip_nat_tcp_lookup_incoming(const struct ip_hdr * iphdr,const struct tcp_hdr * tcphdr)846*10465441SEvalZero ip_nat_tcp_lookup_incoming(const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr)
847*10465441SEvalZero {
848*10465441SEvalZero int i;
849*10465441SEvalZero ip_nat_entries_tcp_t *nat_entry = NULL;
850*10465441SEvalZero
851*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
852*10465441SEvalZero if (ip_nat_tcp_table[i].common.ttl) {
853*10465441SEvalZero if ((iphdr->src.addr == ip_nat_tcp_table[i].common.dest.addr) &&
854*10465441SEvalZero (tcphdr->src == ip_nat_tcp_table[i].dport) &&
855*10465441SEvalZero (tcphdr->dest == ip_nat_tcp_table[i].nport)) {
856*10465441SEvalZero nat_entry = &ip_nat_tcp_table[i];
857*10465441SEvalZero
858*10465441SEvalZero ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_incoming: found existing nat entry: ",
859*10465441SEvalZero nat_entry);
860*10465441SEvalZero break;
861*10465441SEvalZero }
862*10465441SEvalZero }
863*10465441SEvalZero }
864*10465441SEvalZero return nat_entry;
865*10465441SEvalZero }
866*10465441SEvalZero
867*10465441SEvalZero /**
868*10465441SEvalZero * This function checks if we already have a NAT entry for this TCP connection.
869*10465441SEvalZero * If yes the a pointer to this NAT entry is returned.
870*10465441SEvalZero *
871*10465441SEvalZero * @param iphdr The IP header.
872*10465441SEvalZero * @param tcphdr The TCP header.
873*10465441SEvalZero * @param allocate If no existing NAT entry is found and this flag is true
874*10465441SEvalZero * a NAT entry is allocated.
875*10465441SEvalZero */
876*10465441SEvalZero static ip_nat_entries_tcp_t *
ip_nat_tcp_lookup_outgoing(ip_nat_conf_t * nat_config,const struct ip_hdr * iphdr,const struct tcp_hdr * tcphdr,u8_t allocate)877*10465441SEvalZero ip_nat_tcp_lookup_outgoing(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr,
878*10465441SEvalZero const struct tcp_hdr *tcphdr, u8_t allocate)
879*10465441SEvalZero {
880*10465441SEvalZero int i;
881*10465441SEvalZero nat_entry_t nat_entry;
882*10465441SEvalZero int last_free = -1;
883*10465441SEvalZero
884*10465441SEvalZero nat_entry.cmn = NULL;
885*10465441SEvalZero for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
886*10465441SEvalZero if (ip_nat_tcp_table[i].common.ttl) {
887*10465441SEvalZero if ((iphdr->src.addr == ip_nat_tcp_table[i].common.source.addr) &&
888*10465441SEvalZero (iphdr->dest.addr == ip_nat_tcp_table[i].common.dest.addr) &&
889*10465441SEvalZero (tcphdr->src == ip_nat_tcp_table[i].sport) &&
890*10465441SEvalZero (tcphdr->dest == ip_nat_tcp_table[i].dport)) {
891*10465441SEvalZero nat_entry.tcp = &ip_nat_tcp_table[i];
892*10465441SEvalZero
893*10465441SEvalZero ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_outgoing: found existing nat entry: ",
894*10465441SEvalZero nat_entry.tcp);
895*10465441SEvalZero break;
896*10465441SEvalZero }
897*10465441SEvalZero } else {
898*10465441SEvalZero last_free = i;
899*10465441SEvalZero }
900*10465441SEvalZero }
901*10465441SEvalZero if (nat_entry.cmn == NULL) {
902*10465441SEvalZero if (allocate) {
903*10465441SEvalZero if (last_free != -1) {
904*10465441SEvalZero nat_entry.tcp = &ip_nat_tcp_table[last_free];
905*10465441SEvalZero nat_entry.tcp->nport = htons((u16_t) (LWIP_NAT_DEFAULT_TCP_SOURCE_PORT + i));
906*10465441SEvalZero nat_entry.tcp->sport = tcphdr->src;
907*10465441SEvalZero nat_entry.tcp->dport = tcphdr->dest;
908*10465441SEvalZero ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn);
909*10465441SEvalZero
910*10465441SEvalZero ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_outgoing: created new nat entry: ",
911*10465441SEvalZero nat_entry.tcp);
912*10465441SEvalZero } else {
913*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_udp_lookup_outgoing: no more NAT entries available\n"));
914*10465441SEvalZero // rt_kprintf("ip_nat_udp_lookup_outgoing: no more NAT entries available\n");
915*10465441SEvalZero }
916*10465441SEvalZero }
917*10465441SEvalZero }
918*10465441SEvalZero return nat_entry.tcp;
919*10465441SEvalZero }
920*10465441SEvalZero
921*10465441SEvalZero /** Adjusts the checksum of a NAT'ed packet without having to completely recalculate it
922*10465441SEvalZero * @todo: verify this works for little- and big-endian
923*10465441SEvalZero *
924*10465441SEvalZero * @param chksum points to the chksum in the packet
925*10465441SEvalZero * @param optr points to the old data in the packet
926*10465441SEvalZero * @param olen length of old data
927*10465441SEvalZero * @param nptr points to the new data in the packet
928*10465441SEvalZero * @param nlen length of new data
929*10465441SEvalZero */
930*10465441SEvalZero static void
ip_nat_chksum_adjust(u8_t * chksum,const u8_t * optr,s16_t olen,const u8_t * nptr,s16_t nlen)931*10465441SEvalZero ip_nat_chksum_adjust(u8_t *chksum, const u8_t *optr, s16_t olen, const u8_t *nptr, s16_t nlen)
932*10465441SEvalZero {
933*10465441SEvalZero s32_t x, oldval, newval;
934*10465441SEvalZero
935*10465441SEvalZero LWIP_ASSERT("NULL != chksum", NULL != chksum);
936*10465441SEvalZero LWIP_ASSERT("NULL != optr", NULL != optr);
937*10465441SEvalZero LWIP_ASSERT("NULL != nptr", NULL != nptr);
938*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_chksum_adjust: chksum=%p, optr=%p, olen=%" U16_F ", nptr=%p, nlen=%" U16_F "\n",
939*10465441SEvalZero chksum, optr, olen, nptr, nlen));
940*10465441SEvalZero x = chksum[0] * 256 + chksum[1];
941*10465441SEvalZero x = ~x & 0xFFFF;
942*10465441SEvalZero while (olen) {
943*10465441SEvalZero oldval = optr[0] * 256 + optr[1];
944*10465441SEvalZero optr += 2;
945*10465441SEvalZero x -= oldval & 0xffff;
946*10465441SEvalZero if (x <= 0) {
947*10465441SEvalZero x--;
948*10465441SEvalZero x &= 0xffff;
949*10465441SEvalZero }
950*10465441SEvalZero olen -= 2;
951*10465441SEvalZero }
952*10465441SEvalZero while (nlen) {
953*10465441SEvalZero newval = nptr[0] * 256 + nptr[1];
954*10465441SEvalZero nptr += 2;
955*10465441SEvalZero x += newval & 0xffff;
956*10465441SEvalZero if (x & 0x10000) {
957*10465441SEvalZero x++;
958*10465441SEvalZero x &= 0xffff;
959*10465441SEvalZero }
960*10465441SEvalZero nlen -= 2;
961*10465441SEvalZero }
962*10465441SEvalZero x = ~x & 0xFFFF;
963*10465441SEvalZero chksum[0] = x / 256;
964*10465441SEvalZero chksum[1] = x & 0xff;
965*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_chksum_adjust: chksum = 0x%x\n", *((u16_t *) chksum)));
966*10465441SEvalZero }
967*10465441SEvalZero
968*10465441SEvalZero #if defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON)
969*10465441SEvalZero /**
970*10465441SEvalZero * This function dumps an IP address
971*10465441SEvalZero *
972*10465441SEvalZero * @param addr IP address
973*10465441SEvalZero */
974*10465441SEvalZero static void
ip_nat_dbg_dump_ip(const ip_addr_t * addr)975*10465441SEvalZero ip_nat_dbg_dump_ip(const ip_addr_t *addr)
976*10465441SEvalZero {
977*10465441SEvalZero LWIP_ASSERT("NULL != addr", NULL != addr);
978*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%" U16_F ".%" U16_F ".%" U16_F ".%" U16_F,
979*10465441SEvalZero ip4_addr1(addr), ip4_addr2(addr), ip4_addr3(addr), ip4_addr4(addr)));
980*10465441SEvalZero }
981*10465441SEvalZero
982*10465441SEvalZero /**
983*10465441SEvalZero * This function dumps an IP header
984*10465441SEvalZero *
985*10465441SEvalZero * @param msg a message to print
986*10465441SEvalZero * @param iphdr IP header
987*10465441SEvalZero */
988*10465441SEvalZero static void
ip_nat_dbg_dump(const char * msg,const struct ip_hdr * iphdr)989*10465441SEvalZero ip_nat_dbg_dump(const char *msg, const struct ip_hdr *iphdr)
990*10465441SEvalZero {
991*10465441SEvalZero LWIP_ASSERT("NULL != msg", NULL != msg);
992*10465441SEvalZero LWIP_ASSERT("NULL != iphdr", NULL != iphdr);
993*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s: IP: (", msg));
994*10465441SEvalZero ip_nat_dbg_dump_ip((ip_addr_t *)&(iphdr->src));
995*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
996*10465441SEvalZero ip_nat_dbg_dump_ip((ip_addr_t *)&(iphdr->dest));
997*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F ", chksum=%" U16_F ")\n",
998*10465441SEvalZero ntohs(IPH_ID(iphdr)), ntohs(IPH_CHKSUM(iphdr))));
999*10465441SEvalZero }
1000*10465441SEvalZero
1001*10465441SEvalZero /**
1002*10465441SEvalZero * This function dumps an ICMP echo reply/recho request nat entry.
1003*10465441SEvalZero *
1004*10465441SEvalZero * @param msg a message to print
1005*10465441SEvalZero * @param nat_entry the ICMP NAT entry to print
1006*10465441SEvalZero */
1007*10465441SEvalZero static void
ip_nat_dbg_dump_icmp_nat_entry(const char * msg,const ip_nat_entries_icmp_t * nat_entry)1008*10465441SEvalZero ip_nat_dbg_dump_icmp_nat_entry(const char *msg, const ip_nat_entries_icmp_t *nat_entry)
1009*10465441SEvalZero {
1010*10465441SEvalZero LWIP_ASSERT("NULL != msg", NULL != msg);
1011*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry);
1012*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg);
1013*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if",
1014*10465441SEvalZero NULL != nat_entry->common.cfg->entry.out_if);
1015*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg));
1016*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ICMP : ("));
1017*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.source));
1018*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
1019*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
1020*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F, ntohs(nat_entry->id)));
1021*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (", seq=%" U16_F, ntohs(nat_entry->seqno)));
1022*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at ("));
1023*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr));
1024*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
1025*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
1026*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F, ntohs(nat_entry->id)));
1027*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (", seq=%" U16_F, ntohs(nat_entry->seqno)));
1028*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));
1029*10465441SEvalZero }
1030*10465441SEvalZero
1031*10465441SEvalZero /**
1032*10465441SEvalZero * This function dumps an TCP nat entry.
1033*10465441SEvalZero *
1034*10465441SEvalZero * @param msg a message to print
1035*10465441SEvalZero * @param nat_entry the TCP NAT entry to print
1036*10465441SEvalZero */
1037*10465441SEvalZero static void
ip_nat_dbg_dump_tcp_nat_entry(const char * msg,const ip_nat_entries_tcp_t * nat_entry)1038*10465441SEvalZero ip_nat_dbg_dump_tcp_nat_entry(const char *msg, const ip_nat_entries_tcp_t *nat_entry)
1039*10465441SEvalZero {
1040*10465441SEvalZero LWIP_ASSERT("NULL != msg", NULL != msg);
1041*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry);
1042*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg);
1043*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if",
1044*10465441SEvalZero NULL != nat_entry->common.cfg->entry.out_if);
1045*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg));
1046*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("TCP : ("));
1047*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.source));
1048*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->sport)));
1049*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
1050*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
1051*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport)));
1052*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at ("));
1053*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr));
1054*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->nport)));
1055*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
1056*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
1057*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport)));
1058*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));
1059*10465441SEvalZero }
1060*10465441SEvalZero
1061*10465441SEvalZero /**
1062*10465441SEvalZero * This function dumps a UDP NAT entry.
1063*10465441SEvalZero *
1064*10465441SEvalZero * @param msg a message to print
1065*10465441SEvalZero * @param nat_entry the UDP NAT entry to print
1066*10465441SEvalZero */
1067*10465441SEvalZero static void
ip_nat_dbg_dump_udp_nat_entry(const char * msg,const ip_nat_entries_udp_t * nat_entry)1068*10465441SEvalZero ip_nat_dbg_dump_udp_nat_entry(const char *msg, const ip_nat_entries_udp_t *nat_entry)
1069*10465441SEvalZero {
1070*10465441SEvalZero LWIP_ASSERT("NULL != msg", NULL != msg);
1071*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry);
1072*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg);
1073*10465441SEvalZero LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if",
1074*10465441SEvalZero NULL != nat_entry->common.cfg->entry.out_if);
1075*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg));
1076*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("UDP : ("));
1077*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.source));
1078*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->sport)));
1079*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
1080*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
1081*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport)));
1082*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at ("));
1083*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr));
1084*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->nport)));
1085*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
1086*10465441SEvalZero ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
1087*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport)));
1088*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));
1089*10465441SEvalZero }
1090*10465441SEvalZero
1091*10465441SEvalZero /** Prints some info when creating a new NAT entry */
1092*10465441SEvalZero static void
ip_nat_dbg_dump_init(ip_nat_conf_t * ip_nat_cfg_new)1093*10465441SEvalZero ip_nat_dbg_dump_init(ip_nat_conf_t *ip_nat_cfg_new)
1094*10465441SEvalZero {
1095*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_init: added new NAT interface\n"));
1096*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_init: "));
1097*10465441SEvalZero ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.source_net));
1098*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/"));
1099*10465441SEvalZero ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.source_netmask));
1100*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@"));
1101*10465441SEvalZero ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.in_if->ip_addr));
1102*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
1103*10465441SEvalZero ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.dest_net));
1104*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/"));
1105*10465441SEvalZero ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.dest_netmask));
1106*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@"));
1107*10465441SEvalZero ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.out_if->ip_addr));
1108*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("\n"));
1109*10465441SEvalZero }
1110*10465441SEvalZero
1111*10465441SEvalZero /** Prints some info when removing a NAT entry */
1112*10465441SEvalZero static void
ip_nat_dbg_dump_remove(ip_nat_conf_t * cur)1113*10465441SEvalZero ip_nat_dbg_dump_remove(ip_nat_conf_t *cur)
1114*10465441SEvalZero {
1115*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_remove: removing existing NAT interface\n"));
1116*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_remove: "));
1117*10465441SEvalZero ip_nat_dbg_dump_ip(&(cur->entry.source_net));
1118*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/"));
1119*10465441SEvalZero ip_nat_dbg_dump_ip(&(cur->entry.source_netmask));
1120*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@"));
1121*10465441SEvalZero ip_nat_dbg_dump_ip(&(cur->entry.in_if->ip_addr));
1122*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
1123*10465441SEvalZero ip_nat_dbg_dump_ip(&(cur->entry.dest_net));
1124*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/"));
1125*10465441SEvalZero ip_nat_dbg_dump_ip(&(cur->entry.dest_netmask));
1126*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@"));
1127*10465441SEvalZero ip_nat_dbg_dump_ip(&(cur->entry.out_if->ip_addr));
1128*10465441SEvalZero LWIP_DEBUGF(LWIP_NAT_DEBUG, ("\n"));
1129*10465441SEvalZero }
1130*10465441SEvalZero #endif /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */
1131*10465441SEvalZero
1132*10465441SEvalZero #endif /* IP_NAT */
1133