diff --git a/CHANGELOG b/CHANGELOG index 77da0cff..bb5d8fcb 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -13,6 +13,9 @@ HISTORY ++ New features: + 2010-05-05: Simon Goldschmidt (Christian Walter) + * ip_nat.h/.c, opt.h, ip.c, timers.c: task #7506: added NAT support + 2010-05-02: Simon Goldschmidt * netbuf.h/.c, sockets.c, api_msg.c: use checksum-on-copy for sending UDP data for LWIP_NETIF_TX_SINGLE_PBUF==1 diff --git a/src/core/ipv4/ip.c b/src/core/ipv4/ip.c index e780175d..65d4d942 100644 --- a/src/core/ipv4/ip.c +++ b/src/core/ipv4/ip.c @@ -43,6 +43,7 @@ #include "lwip/def.h" #include "lwip/mem.h" #include "lwip/ip_frag.h" +#include "lwip/ip_nat.h" #include "lwip/inet_chksum.h" #include "lwip/netif.h" #include "lwip/icmp.h" @@ -377,15 +378,30 @@ ip_input(struct pbuf *p, struct netif *inp) /* packet not for us? */ if (netif == NULL) { +#if IP_FORWARD || IP_NAT + u8_t taken = 0; +#endif /* IP_FORWARD || IP_NAT */ /* packet not for us, route or discard */ LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE, ("ip_input: packet not for us.\n")); -#if IP_FORWARD +#if IP_FORWARD || IP_NAT /* non-broadcast packet? */ if (!ip_addr_isbroadcast(&(iphdr->dest), inp)) { - /* try to forward IP packet on (other) interfaces */ - ip_forward(p, iphdr, inp); - } else +#if IP_NAT + /* check if we want to perform NAT with this packet. */ + taken = ip_nat_out(p); + if (!taken) +#endif /* IP_NAT */ + { +#if IP_FORWARD + /* try to forward IP packet on (other) interfaces */ + if (ip_forward(p, iphdr, inp) != NULL) { + taken = 1; + } #endif /* IP_FORWARD */ + } + } + if (!taken) +#endif /* IP_FORWARD || IP_NAT */ { snmp_inc_ipinaddrerrors(); snmp_inc_ipindiscards(); @@ -443,6 +459,12 @@ ip_input(struct pbuf *p, struct netif *inp) current_netif = inp; current_header = iphdr; +#if IP_NAT + if (!ip_addr_isbroadcast(&(iphdr->dest), inp) && + (ip_nat_input(p) != 0)) { + LWIP_DEBUGF(IP_DEBUG, ("ip_input: packet consumed by nat layer\n")); + } else +#endif /* IP_NAT */ #if LWIP_RAW /* raw input did not eat the packet? */ if (raw_input(p, inp) == 0) diff --git a/src/core/ipv4/ip_nat.c b/src/core/ipv4/ip_nat.c new file mode 100644 index 00000000..ac1ab1a6 --- /dev/null +++ b/src/core/ipv4/ip_nat.c @@ -0,0 +1,1097 @@ +/** + * NAT - NAT implementation for lwIP supporting TCP/UDP and ICMP. + * Copyright (c) 2009 Christian Walter, © Embedded Solutions, Vienna 2009. + * + * Copyright (c) 2010 lwIP project ;-) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT + * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT + * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + * + * This file is part of the lwIP TCP/IP stack. + */ + +/* + * TODOS: + * - we should decide if we want to use static tables for NAT or a linked + * list. + * - we should allocate icmp ping id if multiple clients are sending + * ping requests. + * - maybe we could hash the identifiers for TCP, ICMP and UDP and use + * a single table structure. This would reduce the code amount although + * it will cost performance. + * - NAT code must check for broadcast addresses and NOT forward + * them. + * + * - netif_remove must notify NAT code when a NAT'ed interface is removed + * - free NAT entries on remove? + * - allocate NAT entries from a new memp pool instead of the heap + * - let ttl be ticks, not seconds + * + * HOWTO USE: + * + * Shows how to create NAT between a PPP interface and an internal NIC. + * In this case the network 213.129.231.168/29 is nat'ed when packets + * are sent to the destination network 10.0.0.0/24 (untypical example - + * most users will have the other way around). + * + * Step 1) Execute when network interfaces are ready. + * + * new_nat_entry.out_if = (struct netif *)&PPP_IF; + * new_nat_entry.in_if = (struct netif *)&EMAC_if; + * IP4_ADDR(&new_nat_entry.source_net, 213, 129, 231, 168); + * IP4_ADDR(&new_nat_entry.source_netmask, 255, 255, 255, 248); + * IP4_ADDR(&new_nat_entry.dest_net, 10, 0, 0, 0); + * IP4_ADDR(&new_nat_entry.source_netmask, 255, 0, 0, 0); + * ip_nat_add(&new_nat_entry); + */ + +#include "lwip/ip_nat.h" + +#include "lwip/opt.h" + +#if IP_NAT + +#include "lwip/ip.h" +#include "lwip/inet.h" +#include "lwip/netif.h" +#include "lwip/ip_addr.h" +#include "lwip/icmp.h" +#include "lwip/tcp_impl.h" +#include "lwip/udp.h" +#include "lwip/mem.h" +#include "lwip/sys.h" +#include "netif/etharp.h" + +#include +#include + +/** Define this to enable debug output of this module */ +#ifndef LWIP_NAT_DEBUG +#define LWIP_NAT_DEBUG LWIP_DBG_OFF +#endif + + +#define LWIP_NAT_TTL_INFINITE (INT_MAX) +#define LWIP_NAT_DEFAULT_TTL_SECONDS (60) +#define LWIP_NAT_FORWARD_HEADER_SIZE_MIN (sizeof(struct eth_hdr)) +#define LWIP_NAT_DEFAULT_STATE_TABLES_ICMP (2) +#define LWIP_NAT_DEFAULT_STATE_TABLES_TCP (16) +#define LWIP_NAT_DEFAULT_STATE_TABLES_UDP (16) + +#define LWIP_NAT_DEFAULT_TCP_SOURCE_PORT (40000) +#define LWIP_NAT_DEFAULT_UDP_SOURCE_PORT (40000) + +#define IPNAT_ENTRY_RESET(x) do { \ + (x)->ttl = 0; \ +} while(0) + +typedef struct ip_nat_conf +{ + struct ip_nat_conf *next; + ip_nat_entry_t entry; +} ip_nat_conf_t; + +typedef struct ip_nat_entry_common +{ + s32_t ttl; /* @todo: do we really need this to be signed?? */ + ip_addr_t source; + ip_addr_t dest; + ip_nat_conf_t *cfg; +} ip_nat_entry_common_t; + +typedef struct ip_nat_entries_icmp +{ + ip_nat_entry_common_t common; + u16_t id; + u16_t seqno; +} ip_nat_entries_icmp_t; + +typedef struct ip_nat_entries_tcp +{ + ip_nat_entry_common_t common; + u16_t nport; + u16_t sport; + u16_t dport; +} ip_nat_entries_tcp_t; + +typedef struct ip_nat_entries_udp +{ + ip_nat_entry_common_t common; + u16_t nport; + u16_t sport; + u16_t dport; +} ip_nat_entries_udp_t; + +typedef union u_nat_entry +{ + ip_nat_entry_common_t *cmn; + ip_nat_entries_tcp_t *tcp; + ip_nat_entries_icmp_t *icmp; + ip_nat_entries_udp_t *udp; +} nat_entry_t; + + +static ip_nat_conf_t *ip_nat_cfg = NULL; +static ip_nat_entries_icmp_t ip_nat_icmp_table[LWIP_NAT_DEFAULT_STATE_TABLES_ICMP]; +static ip_nat_entries_tcp_t ip_nat_tcp_table[LWIP_NAT_DEFAULT_STATE_TABLES_TCP]; +static ip_nat_entries_udp_t ip_nat_udp_table[LWIP_NAT_DEFAULT_STATE_TABLES_UDP]; + +/* ----------------------- Static functions (COMMON) --------------------*/ +static void ip_nat_chksum_adjust(u8_t *chksum, const u8_t *optr, s16_t olen, const u8_t *nptr, s16_t nlen); +static void ip_nat_cmn_init(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr, + ip_nat_entry_common_t *nat_entry); +static ip_nat_conf_t *ip_nat_shallnat(const struct ip_hdr *iphdr); +static void ip_nat_reset_state(ip_nat_conf_t *cfg); + +/* ----------------------- Static functions (DEBUG) ---------------------*/ +#if defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) +static void ip_nat_dbg_dump(const char *msg, const struct ip_hdr *iphdr); +static void ip_nat_dbg_dump_ip(const ip_addr_t *addr); +static void ip_nat_dbg_dump_icmp_nat_entry(const char *msg, const ip_nat_entries_icmp_t *nat_entry); +static void ip_nat_dbg_dump_tcp_nat_entry(const char *msg, const ip_nat_entries_tcp_t *nat_entry); +static void ip_nat_dbg_dump_udp_nat_entry(const char *msg, const ip_nat_entries_udp_t *nat_entry); +static void ip_nat_dbg_dump_init(ip_nat_conf_t *ip_nat_cfg_new); +static void ip_nat_dbg_dump_remove(ip_nat_conf_t *cur); +#else /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */ +#define ip_nat_dbg_dump(msg, iphdr) +#define ip_nat_dbg_dump_ip(addr) +#define ip_nat_dbg_dump_icmp_nat_entry(msg, nat_entry) +#define ip_nat_dbg_dump_tcp_nat_entry(msg, nat_entry) +#define ip_nat_dbg_dump_udp_nat_entry(msg, nat_entry) +#define ip_nat_dbg_dump_init(ip_nat_cfg_new) +#define ip_nat_dbg_dump_remove(cur) +#endif /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */ + +/* ----------------------- Static functions (TCP) -----------------------*/ +static ip_nat_entries_tcp_t *ip_nat_tcp_lookup_incoming(const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr); +static ip_nat_entries_tcp_t *ip_nat_tcp_lookup_outgoing(ip_nat_conf_t *nat_config, + const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr, + u8_t allocate); + +/* ----------------------- Static functions (UDP) -----------------------*/ +static ip_nat_entries_udp_t *ip_nat_udp_lookup_incoming(const struct ip_hdr *iphdr, const struct udp_hdr *udphdr); +static ip_nat_entries_udp_t *ip_nat_udp_lookup_outgoing(ip_nat_conf_t *nat_config, + const struct ip_hdr *iphdr, const struct udp_hdr *udphdr, + u8_t allocate); + +/** Initialize this module */ +void +ip_nat_init(void) +{ + int i; + + /* @todo: this can be omitted since we trust static variables + to be initialized to zero */ + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) { + IPNAT_ENTRY_RESET(&ip_nat_icmp_table[i].common); + } + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) { + IPNAT_ENTRY_RESET(&ip_nat_tcp_table[i].common); + } + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) { + IPNAT_ENTRY_RESET(&ip_nat_udp_table[i].common); + } +} + +/** Allocate a new ip_nat_conf_t item */ +static ip_nat_conf_t* +ip_nat_alloc(void) +{ + ip_nat_conf_t *ret = (ip_nat_conf_t*)mem_malloc(sizeof(ip_nat_conf_t)); + return ret; +} + +/** Free a removed ip_nat_conf_t item */ +static void +ip_nat_free(ip_nat_conf_t *item) +{ + LWIP_ASSERT("item != NULL", item != NULL); + mem_free(item); +} + +/** Add a new NAT entry + * + * @param new_entry pointer to a structure used to initialize the entry + * @return ERR_OK if succeeded + */ +err_t +ip_nat_add(const ip_nat_entry_t *new_entry) +{ + err_t err = ERR_VAL; + ip_nat_conf_t *cur = ip_nat_cfg; + ip_nat_conf_t *ip_nat_cfg_new = ip_nat_alloc(); + LWIP_ASSERT("new_entry != NULL", new_entry != NULL); + + if (ip_nat_cfg_new != NULL) { + SMEMCPY(&ip_nat_cfg_new->entry, new_entry, sizeof(ip_nat_entry_t)); + ip_nat_cfg_new->next = NULL; + + ip_nat_dbg_dump_init(ip_nat_cfg_new); + + if (ip_nat_cfg == NULL) { + ip_nat_cfg = ip_nat_cfg_new; + } else { + /* @todo: do we really need to enqueue the new entry at the end?? */ + while (cur->next != NULL) { + cur = cur->next; + } + cur->next = ip_nat_cfg_new; + } + err = ERR_OK; + } else { + err = ERR_MEM; + } + return err; +} + +/** Remove a NAT entry previously added by 'ip_nat_add()'. + * + * @param remove_entry describes the entry to remove + */ +void +ip_nat_remove(const ip_nat_entry_t *remove_entry) +{ + ip_nat_conf_t *cur = ip_nat_cfg; + ip_nat_conf_t *next; + ip_nat_conf_t *previous = NULL; + + while (cur != NULL) { + /* Remove the NAT interfaces */ + if ((cur->entry.source_net.addr == remove_entry->source_net.addr) && + (cur->entry.source_netmask.addr == remove_entry->source_netmask.addr) && + (cur->entry.dest_net.addr == remove_entry->dest_net.addr) && + (cur->entry.dest_netmask.addr == remove_entry->dest_netmask.addr) && + (cur->entry.out_if == remove_entry->out_if) && + (cur->entry.in_if == remove_entry->in_if)) + { + ip_nat_dbg_dump_remove(cur); + + ip_nat_reset_state(cur); + next = cur->next; + if (cur == ip_nat_cfg) { + ip_nat_cfg = next; + } else { + LWIP_ASSERT("NULL != previous", NULL != previous); + previous->next = next; + } + /* @todo: free 'cur' or there will be a memory leak !?! */ + /* ip_nat_free(cur); */ + return; + } else { + previous = cur; + cur = cur->next; + } + } +} + +/** Reset a NAT configured entry to be reused. + * Effectively calls IPNAT_ENTRY_RESET() on 'cfg'. + * + * @param cfg NAT entry to reset + */ +static void +ip_nat_reset_state(ip_nat_conf_t *cfg) +{ + int i; + + /* @todo: optimize this!!! + why do we search for it anyway, if we have the pointer??? */ + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) { + if(ip_nat_icmp_table[i].common.cfg == cfg) { + IPNAT_ENTRY_RESET(&ip_nat_icmp_table[i].common); + } + } + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) { + if(ip_nat_icmp_table[i].common.cfg == cfg) { + IPNAT_ENTRY_RESET(&ip_nat_tcp_table[i].common); + } + } + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) { + if(ip_nat_icmp_table[i].common.cfg == cfg) { + IPNAT_ENTRY_RESET(&ip_nat_udp_table[i].common); + } + } +} + +/** Check if this packet should be routed or should be translated + * + * @param iphdr the IP header to check + * @return - a NAT entry if the packet shall be translated, + * - NULL if the packet shall be routed normally + */ +static ip_nat_conf_t * +ip_nat_shallnat(const struct ip_hdr *iphdr) +{ + ip_nat_conf_t *nat_config; + + for (nat_config = ip_nat_cfg; nat_config != NULL; nat_config = nat_config->next) { + if (ip_addr_netcmp(&(iphdr->dest), &(nat_config->entry.dest_net), + &(nat_config->entry.dest_netmask)) && + ip_addr_netcmp(&(iphdr->src), &(nat_config->entry.source_net), + &(nat_config->entry.source_netmask))) { + break; + } + } + + return nat_config; +} + +/** Check if the IP header can be hidden and if the remaining packet + * is long enough. p->payload is reset to the IP header on return. + * + * @param p received packet, p->payload pointing to IP header + * @param min_size minimum p->tot_len after hiding IP header + * @return a pointer to the next header (after IP header), + * NULL if hiding IP header fails or the packet is too short + */ +static void* +ip_nat_check_header(struct pbuf *p, u16_t min_size) +{ + void *ret = NULL; + struct ip_hdr *iphdr = (struct ip_hdr*)p->payload; + s16_t iphdr_len = IPH_HL(iphdr) * 4; + + if(!pbuf_header(p, -iphdr_len)) { + if(p->tot_len >= min_size) { + ret = p->payload; + } + /* Restore pbuf payload pointer from previous header check. */ + pbuf_header(p, iphdr_len); + } + return ret; +} + +/** Input processing: check if a received packet belongs to a NAT entry + * and if so, translated it and send it on. + * + * @param p received packet + * @return 1 if the packet has been consumed (it was a NAT packet), + * 0 if the packet has not been consumed (no NAT packet) + */ +u8_t +ip_nat_input(struct pbuf *p) +{ + struct ip_hdr *iphdr = (struct ip_hdr*)p->payload; + struct tcp_hdr *tcphdr; + struct udp_hdr *udphdr; + struct icmp_echo_hdr *icmphdr; + nat_entry_t nat_entry; + err_t err; + u8_t consumed = 0; + int i; + struct pbuf *q = NULL; + + nat_entry.cmn = NULL; + ip_nat_dbg_dump("ip_nat_in: checking nat for", iphdr); + + switch (IPH_PROTO(iphdr)) { + case IP_PROTO_TCP: + tcphdr = (struct tcp_hdr*)ip_nat_check_header(p, sizeof(struct tcp_hdr)); + if (tcphdr == NULL) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: short tcp packet (%" U16_F " bytes) discarded\n", p->tot_len)); + } else { + nat_entry.tcp = ip_nat_tcp_lookup_incoming(iphdr, tcphdr); + if (nat_entry.tcp != NULL) { + /* Refresh TCP entry */ + nat_entry.tcp->common.ttl = LWIP_NAT_DEFAULT_TTL_SECONDS; + tcphdr->dest = nat_entry.tcp->sport; + /* Adjust TCP checksum for changed destination port */ + ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum), + (u8_t *)&(nat_entry.tcp->nport), 2, (u8_t *)&(tcphdr->dest), 2); + /* Adjust TCP checksum for changing dest IP address */ + ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum), + (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4, + (u8_t *)&(nat_entry.cmn->source.addr), 4); + + consumed = 1; + } + } + break; + + case IP_PROTO_UDP: + udphdr = (struct udp_hdr *)ip_nat_check_header(p, sizeof(struct udp_hdr)); + if (udphdr == NULL) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, + ("ip_nat_input: short udp packet (%" U16_F " bytes) discarded\n", + p->tot_len)); + } else { + nat_entry.udp = ip_nat_udp_lookup_incoming(iphdr, udphdr); + if (nat_entry.udp != NULL) { + /* Refresh UDP entry */ + nat_entry.udp->common.ttl = LWIP_NAT_DEFAULT_TTL_SECONDS; + udphdr->dest = nat_entry.udp->sport; + /* Adjust UDP checksum for changed destination port */ + ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum), + (u8_t *)&(nat_entry.udp->nport), 2, (u8_t *)&(udphdr->dest), 2); + /* Adjust UDP checksum for changing dest IP address */ + ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum), + (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4, + (u8_t *)&(nat_entry.cmn->source.addr), 4); + + consumed = 1; + } + } + break; + + case IP_PROTO_ICMP: + icmphdr = (struct icmp_echo_hdr *)ip_nat_check_header(p, sizeof(struct icmp_echo_hdr)); + if (icmphdr == NULL) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, + ("ip_nat_out: short icmp echo reply packet (%" U16_F " bytes) discarded\n", + p->tot_len)); + } else { + if (ICMP_ER == ICMPH_TYPE(icmphdr)) { + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) { + nat_entry.icmp = &ip_nat_icmp_table[i]; + if ((nat_entry.icmp->common.ttl) && + (iphdr->src.addr == nat_entry.icmp->common.dest.addr) && + (nat_entry.icmp->id == icmphdr->id) && + (nat_entry.icmp->seqno == icmphdr->seqno)) { + ip_nat_dbg_dump_icmp_nat_entry("found existing nat entry: ", nat_entry.icmp); + consumed = 1; + IPNAT_ENTRY_RESET(nat_entry.cmn); + break; + } + } + } + } + break; + + default: + break; + } + + if(consumed) { + /* packet consumed, send it out on in_if */ + struct netif *in_if; + + /* check if the pbuf has room for link headers */ + if (pbuf_header(p, PBUF_LINK_HLEN)) { + /* pbuf has no room for link headers, allocate an extra pbuf */ + q = pbuf_alloc(PBUF_LINK, 0, PBUF_RAM); + if (q == NULL) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: no pbuf for outgoing header\n")); + /* @todo: stats? */ + pbuf_free(p); + p = NULL; + return 1; + } else { + pbuf_cat(q, p); + } + } else { + /* restore p->payload to IP header */ + if (pbuf_header(p, -PBUF_LINK_HLEN)) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: restoring header failed\n")); + /* @todo: stats? */ + pbuf_free(p); + p = NULL; + return 1; + } + } + /* if we come here, q is the pbuf to send (either points to p or to a chain) */ + in_if = nat_entry.cmn->cfg->entry.in_if; + iphdr->dest.addr = nat_entry.cmn->source.addr; + ip_nat_chksum_adjust((u8_t *) & IPH_CHKSUM(iphdr), + (u8_t *) & (nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4, + (u8_t *) & (iphdr->dest.addr), 4); + + ip_nat_dbg_dump("ip_nat_input: packet back to source after nat: ", iphdr); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: sending packet on interface (")); + ip_nat_dbg_dump_ip(&(in_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n")); + + err = in_if->output(in_if, q, &(iphdr->dest)); + if(err != ERR_OK) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, + ("ip_nat_input: failed to send rewritten packet. link layer returned %d\n", + err)); + } + /* now that q (and/or p) is sent (or not), give up the reference to it + this frees the input pbuf (p) as we have consumed it. */ + pbuf_free(q); + } + return consumed; +} + +/** Check if one NAT entry timed out */ +static void +ip_nat_check_timeout(ip_nat_entry_common_t *nat_entry) +{ + if(nat_entry->ttl > 0) { + if(nat_entry->ttl != LWIP_NAT_TTL_INFINITE) { + /* this is not a 'no-timeout' entry */ + if(nat_entry->ttl > LWIP_NAT_TMR_INTERVAL_SEC) { + nat_entry->ttl -= LWIP_NAT_TMR_INTERVAL_SEC; + } else { + nat_entry->ttl = 0; + } + } + } +} + +/** The NAT timer function, to be called at an interval of + * LWIP_NAT_TMR_INTERVAL_SEC seconds. + */ +void +ip_nat_tmr(void) +{ + int i; + + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_tmr: removing old entries\n")); + + for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) { + ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_icmp_table[i]); + } + for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) { + ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_tcp_table[i]); + } + for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) { + ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_udp_table[i]); + } +} + +/** Vheck if we want to perform NAT with this packet. If so, send it out on + * the correct interface. + * + * @param p the packet to test/send + * @return 1: the packet has been sent using NAT, + * 0: the packet did not belong to a NAT entry + */ +u8_t +ip_nat_out(struct pbuf *p) +{ + u8_t sent = 0; + err_t err; + struct ip_hdr *iphdr = p->payload; + struct icmp_echo_hdr *icmphdr; + struct tcp_hdr *tcphdr; + struct udp_hdr *udphdr; + ip_nat_conf_t *nat_config; + nat_entry_t nat_entry; + int i; + + nat_entry.cmn = NULL; + + ip_nat_dbg_dump("ip_nat_out: checking nat for", iphdr); + + /* Check if this packet should be routed or should be translated */ + nat_config = ip_nat_shallnat(iphdr); + if (nat_config != NULL ) { + if (nat_config->entry.out_if == NULL) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: no external interface for nat table entry\n")); + } else { + switch (IPH_PROTO(iphdr)) + { + case IP_PROTO_TCP: + tcphdr = (struct tcp_hdr *)ip_nat_check_header(p, sizeof(struct tcp_hdr)); + if (tcphdr == NULL) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, + ("ip_nat_out: short tcp packet (%" U16_F " bytes) discarded\n", p->tot_len)); + } else { + nat_entry.tcp = ip_nat_tcp_lookup_outgoing(nat_config, iphdr, tcphdr, 1); + if (nat_entry.tcp != NULL) { + /* Adjust TCP checksum for changing source port */ + tcphdr->src = nat_entry.tcp->nport; + ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum), + (u8_t *)&(nat_entry.tcp->sport), 2, (u8_t *)&(tcphdr->src), 2); + /* Adjust TCP checksum for changing source IP address */ + ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum), + (u8_t *)&(nat_entry.cmn->source.addr), 4, + (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4); + } + } + break; + + case IP_PROTO_UDP: + udphdr = (struct udp_hdr *)ip_nat_check_header(p, sizeof(struct udp_hdr)); + if (udphdr == NULL) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, + ("ip_nat_out: short udp packet (%" U16_F " bytes) discarded\n", p->tot_len)); + } else { + nat_entry.udp = ip_nat_udp_lookup_outgoing(nat_config, iphdr, udphdr, 1); + if (nat_entry.udp != NULL) { + /* Adjust UDP checksum for changing source port */ + udphdr->src = nat_entry.udp->nport; + ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum), + (u8_t *)&(nat_entry.udp->sport), 2, (u8_t *) & (udphdr->src), 2); + /* Adjust UDP checksum for changing source IP address */ + ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum), + (u8_t *)&(nat_entry.cmn->source.addr), 4, + (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4); + } + } + break; + + case IP_PROTO_ICMP: + icmphdr = (struct icmp_echo_hdr *)ip_nat_check_header(p, sizeof(struct icmp_echo_hdr)); + if(icmphdr == NULL) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, + ("ip_nat_out: short icmp echo packet (%" U16_F " bytes) discarded\n", p->tot_len)); + } else { + if (ICMPH_TYPE(icmphdr) == ICMP_ECHO) { + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) { + if (!ip_nat_icmp_table[i].common.ttl) { + nat_entry.icmp = &ip_nat_icmp_table[i]; + ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn); + nat_entry.icmp->id = icmphdr->id; + nat_entry.icmp->seqno = icmphdr->seqno; + ip_nat_dbg_dump_icmp_nat_entry(" ip_nat_out: created new NAT entry ", nat_entry.icmp); + break; + } + } + if (NULL == nat_entry.icmp) + { + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: no more NAT entries for ICMP available\n")); + } + } + } + break; + default: + break; + } + + if (nat_entry.cmn != NULL) { + struct netif *out_if = nat_entry.cmn->cfg->entry.out_if; + /* Exchange the IP source address with the address of the interface + * where the packet will be sent. + */ + /* @todo: check nat_config->entry.out_if agains nat_entry.cmn->cfg->entry.out_if */ + iphdr->src.addr = nat_config->entry.out_if->ip_addr.addr; + ip_nat_chksum_adjust((u8_t *) & IPH_CHKSUM(iphdr), + (u8_t *) & (nat_entry.cmn->source.addr), 4, (u8_t *) & iphdr->src.addr, 4); + + ip_nat_dbg_dump("ip_nat_out: rewritten packet", iphdr); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: sending packet on interface (")); + ip_nat_dbg_dump_ip(&(out_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n")); + + err = out_if->output(out_if, p, &(iphdr->dest)); + if (err != ERR_OK) { + LWIP_DEBUGF(LWIP_NAT_DEBUG, + ("ip_nat_out: failed to send rewritten packet. link layer returned %d\n", err)); + } else { + sent = 1; + } + } + } + } + + return sent; +} + +/** Initialize common parts of a NAT entry + * + * @param nat_config NAT config entry + * @param iphdr IP header from which to initialize the entry + * @param nat_entry entry to initialize + */ +static void +ip_nat_cmn_init(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr, ip_nat_entry_common_t *nat_entry) +{ + LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry); + LWIP_ASSERT("NULL != nat_config", NULL != nat_config); + LWIP_ASSERT("NULL != iphdr", NULL != iphdr); + nat_entry->cfg = nat_config; + nat_entry->dest = iphdr->dest; + nat_entry->source = iphdr->src; + nat_entry->ttl = LWIP_NAT_DEFAULT_TTL_SECONDS; +} + +/** + * This function checks for incoming packets if we already have a NAT entry. + * If yes a pointer to the NAT entry is returned. Otherwise NULL. + * + * @param nat_config NAT configuration. + * @param iphdr The IP header. + * @param udphdr The UDP header. + * @return A pointer to an existing NAT entry or + * NULL if none is found. + */ +static ip_nat_entries_udp_t * +ip_nat_udp_lookup_incoming(const struct ip_hdr *iphdr, const struct udp_hdr *udphdr) +{ + int i; + ip_nat_entries_udp_t *nat_entry = NULL; + + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) { + if (ip_nat_udp_table[i].common.ttl) { + if ((iphdr->src.addr == ip_nat_udp_table[i].common.dest.addr) && + (udphdr->src == ip_nat_udp_table[i].dport) && + (udphdr->dest == ip_nat_udp_table[i].nport)) { + nat_entry = &ip_nat_udp_table[i]; + ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_incoming: found existing nat entry: ", + nat_entry); + break; + } + } + } + return nat_entry; +} + +/** + * This function checks if we already have a NAT entry for this UDP connection. + * If yes the a pointer to this NAT entry is returned. + * + * @param iphdr The IP header. + * @param udphdr The UDP header. + * @param allocate If no existing NAT entry is found and this flag is true + * a NAT entry is allocated. + */ +static ip_nat_entries_udp_t * +ip_nat_udp_lookup_outgoing(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr, + const struct udp_hdr *udphdr, u8_t allocate) +{ + int i; + nat_entry_t nat_entry; + int last_free = -1; + + nat_entry.cmn = NULL; + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) { + if (ip_nat_udp_table[i].common.ttl) { + if ((iphdr->src.addr == ip_nat_udp_table[i].common.source.addr) && + (iphdr->dest.addr == ip_nat_udp_table[i].common.dest.addr) && + (udphdr->src == ip_nat_udp_table[i].sport) && + (udphdr->dest == ip_nat_udp_table[i].dport)) { + nat_entry.udp = &ip_nat_udp_table[i]; + + ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_outgoing: found existing nat entry: ", + nat_entry.udp); + } + } else { + last_free = i; + } + } + if (nat_entry.cmn == NULL) { + if (allocate) { + if (last_free != -1) { + nat_entry.udp = &ip_nat_udp_table[last_free]; + nat_entry.udp->nport = htons((u16_t) (LWIP_NAT_DEFAULT_UDP_SOURCE_PORT + i)); + nat_entry.udp->sport = udphdr->src; + nat_entry.udp->dport = udphdr->dest; + ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn); + + ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_outgoing: created new nat entry: ", + nat_entry.udp); + } else { + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_udp_lookup_outgoing: no more NAT entries available\n")); + } + } + } + return nat_entry.udp; +} + +/** + * This function checks for incoming packets if we already have a NAT entry. + * If yes a pointer to the NAT entry is returned. Otherwise NULL. + * + * @param nat_config NAT configuration. + * @param iphdr The IP header. + * @param tcphdr The TCP header. + * @return A pointer to an existing NAT entry or NULL if none is found. + */ +static ip_nat_entries_tcp_t * +ip_nat_tcp_lookup_incoming(const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr) +{ + int i; + ip_nat_entries_tcp_t *nat_entry = NULL; + + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) { + if (ip_nat_tcp_table[i].common.ttl) { + if ((iphdr->src.addr == ip_nat_tcp_table[i].common.dest.addr) && + (tcphdr->src == ip_nat_tcp_table[i].dport) && + (tcphdr->dest == ip_nat_tcp_table[i].nport)) { + nat_entry = &ip_nat_tcp_table[i]; + + ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_incoming: found existing nat entry: ", + nat_entry); + break; + } + } + } + return nat_entry; +} + +/** + * This function checks if we already have a NAT entry for this TCP connection. + * If yes the a pointer to this NAT entry is returned. + * + * @param iphdr The IP header. + * @param tcphdr The TCP header. + * @param allocate If no existing NAT entry is found and this flag is true + * a NAT entry is allocated. + */ +static ip_nat_entries_tcp_t * +ip_nat_tcp_lookup_outgoing(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr, + const struct tcp_hdr *tcphdr, u8_t allocate) +{ + int i; + nat_entry_t nat_entry; + int last_free = -1; + + nat_entry.cmn = NULL; + for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) { + if (ip_nat_tcp_table[i].common.ttl) { + if ((iphdr->src.addr == ip_nat_tcp_table[i].common.source.addr) && + (iphdr->dest.addr == ip_nat_tcp_table[i].common.dest.addr) && + (tcphdr->src == ip_nat_tcp_table[i].sport) && + (tcphdr->dest == ip_nat_tcp_table[i].dport)) { + nat_entry.tcp = &ip_nat_tcp_table[i]; + + ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_outgoing: found existing nat entry: ", + nat_entry.tcp); + } + } else { + last_free = i; + } + } + if (nat_entry.cmn == NULL) { + if (allocate) { + if (last_free != -1) { + nat_entry.tcp = &ip_nat_tcp_table[last_free]; + nat_entry.tcp->nport = htons((u16_t) (LWIP_NAT_DEFAULT_TCP_SOURCE_PORT + i)); + nat_entry.tcp->sport = tcphdr->src; + nat_entry.tcp->dport = tcphdr->dest; + ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn); + + ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_outgoing: created new nat entry: ", + nat_entry.tcp); + } else { + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_udp_lookup_outgoing: no more NAT entries available\n")); + } + } + } + return nat_entry.tcp; +} + +/** Adjusts the checksum of a NAT'ed packet without having to completely recalculate it + * @todo: verify this works for little- and big-endian + * + * @param chksum points to the chksum in the packet + * @param optr points to the old data in the packet + * @param olen length of old data + * @param nptr points to the new data in the packet + * @param nlen length of new data + */ +static void +ip_nat_chksum_adjust(u8_t *chksum, const u8_t *optr, s16_t olen, const u8_t *nptr, s16_t nlen) +{ + s32_t x, oldval, newval; + + LWIP_ASSERT("NULL != chksum", NULL != chksum); + LWIP_ASSERT("NULL != optr", NULL != optr); + LWIP_ASSERT("NULL != nptr", NULL != nptr); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_chksum_adjust: chksum=%p, optr=%p, olen=%" U16_F ", nptr=%p, nlen=%" U16_F "\n", + chksum, optr, olen, nptr, nlen)); + x = chksum[0] * 256 + chksum[1]; + x = ~x & 0xFFFF; + while (olen) { + oldval = optr[0] * 256 + optr[1]; + optr += 2; + x -= oldval & 0xffff; + if (x <= 0) { + x--; + x &= 0xffff; + } + olen -= 2; + } + while (nlen) { + newval = nptr[0] * 256 + nptr[1]; + nptr += 2; + x += newval & 0xffff; + if (x & 0x10000) { + x++; + x &= 0xffff; + } + nlen -= 2; + } + x = ~x & 0xFFFF; + chksum[0] = x / 256; + chksum[1] = x & 0xff; + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_chksum_adjust: chksum = 0x%x\n", *((u16_t *) chksum))); +} + +#if defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) +/** + * This function dumps an IP address + * + * @param addr IP address + */ +static void +ip_nat_dbg_dump_ip(const ip_addr_t *addr) +{ + LWIP_ASSERT("NULL != addr", NULL != addr); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%" U16_F ".%" U16_F ".%" U16_F ".%" U16_F, + ip4_addr1(addr), ip4_addr2(addr), ip4_addr3(addr), ip4_addr4(addr))); +} + +/** + * This function dumps an IP header + * + * @param msg a message to print + * @param iphdr IP header + */ +static void +ip_nat_dbg_dump(const char *msg, const struct ip_hdr *iphdr) +{ + LWIP_ASSERT("NULL != msg", NULL != msg); + LWIP_ASSERT("NULL != iphdr", NULL != iphdr); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s: IP: (", msg)); + ip_nat_dbg_dump_ip(&iphdr->src); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&iphdr->dest); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F ", chksum=%" U16_F ")\n", + ntohs(IPH_ID(iphdr)), ntohs(IPH_CHKSUM(iphdr)))); +} + +/** + * This function dumps an ICMP echo reply/recho request nat entry. + * + * @param msg a message to print + * @param nat_entry the ICMP NAT entry to print + */ +static void +ip_nat_dbg_dump_icmp_nat_entry(const char *msg, const ip_nat_entries_icmp_t *nat_entry) +{ + LWIP_ASSERT("NULL != msg", NULL != msg); + LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry); + LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg); + LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if", + NULL != nat_entry->common.cfg->entry.out_if); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ICMP : (")); + ip_nat_dbg_dump_ip(&(nat_entry->common.source)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&(nat_entry->common.dest)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F, ntohs(nat_entry->id))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (", seq=%" U16_F, ntohs(nat_entry->seqno))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at (")); + ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&(nat_entry->common.dest)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F, ntohs(nat_entry->id))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (", seq=%" U16_F, ntohs(nat_entry->seqno))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n")); +} + +/** + * This function dumps an TCP nat entry. + * + * @param msg a message to print + * @param nat_entry the TCP NAT entry to print + */ +static void +ip_nat_dbg_dump_tcp_nat_entry(const char *msg, const ip_nat_entries_tcp_t *nat_entry) +{ + LWIP_ASSERT("NULL != msg", NULL != msg); + LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry); + LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg); + LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if", + NULL != nat_entry->common.cfg->entry.out_if); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("TCP : (")); + ip_nat_dbg_dump_ip(&(nat_entry->common.source)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->sport))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&(nat_entry->common.dest)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at (")); + ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->nport))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&(nat_entry->common.dest)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n")); +} + +/** + * This function dumps a UDP NAT entry. + * + * @param msg a message to print + * @param nat_entry the UDP NAT entry to print + */ +static void +ip_nat_dbg_dump_udp_nat_entry(const char *msg, const ip_nat_entries_udp_t *nat_entry) +{ + LWIP_ASSERT("NULL != msg", NULL != msg); + LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry); + LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg); + LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if", + NULL != nat_entry->common.cfg->entry.out_if); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("UDP : (")); + ip_nat_dbg_dump_ip(&(nat_entry->common.source)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->sport))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&(nat_entry->common.dest)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at (")); + ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->nport))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&(nat_entry->common.dest)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport))); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n")); +} + +/** Prints some info when creating a new NAT entry */ +static void +ip_nat_dbg_dump_init(ip_nat_conf_t *ip_nat_cfg_new) +{ + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_init: added new NAT interface\n")); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_init: ")); + ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.source_net)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/")); + ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.source_netmask)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@")); + ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.in_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.dest_net)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/")); + ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.dest_netmask)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@")); + ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.out_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("\n")); +} + +/** Prints some info when removing a NAT entry */ +static void +ip_nat_dbg_dump_remove(ip_nat_conf_t *cur) +{ + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_remove: removing existing NAT interface\n")); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_remove: ")); + ip_nat_dbg_dump_ip(&(cur->entry.source_net)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/")); + ip_nat_dbg_dump_ip(&(cur->entry.source_netmask)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@")); + ip_nat_dbg_dump_ip(&(cur->entry.in_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> ")); + ip_nat_dbg_dump_ip(&(cur->entry.dest_net)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/")); + ip_nat_dbg_dump_ip(&(cur->entry.dest_netmask)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@")); + ip_nat_dbg_dump_ip(&(cur->entry.out_if->ip_addr)); + LWIP_DEBUGF(LWIP_NAT_DEBUG, ("\n")); +} +#endif /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */ + +#endif /* IP_NAT */ diff --git a/src/core/timers.c b/src/core/timers.c index 0dba9272..44d986cc 100644 --- a/src/core/timers.c +++ b/src/core/timers.c @@ -53,6 +53,7 @@ #include "lwip/autoip.h" #include "lwip/igmp.h" #include "lwip/dns.h" +#include "lwip/ip_nat.h" /** The one and only timeout list */ @@ -214,6 +215,22 @@ dns_timer(void *arg) } #endif /* LWIP_DNS */ +#if IP_NAT +/** + * Timer callback function that calls ip_nat_tmr() and reschedules itself. + * + * @param arg unused argument + */ +static void +nat_timer(void *arg) +{ + LWIP_UNUSED_ARG(arg); + LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: nat_timer()\n")); + ip_nat_tmr(); + sys_timeout(LWIP_NAT_TMR_INTERVAL_SEC, nat_timer, NULL); +} +#endif /* IP_NAT */ + /** Initialize this module */ void sys_timeouts_init(void) { @@ -236,6 +253,9 @@ void sys_timeouts_init(void) #if LWIP_DNS sys_timeout(DNS_TMR_INTERVAL, dns_timer, NULL); #endif /* LWIP_DNS */ +#if IP_NAT + sys_timeout(LWIP_NAT_TMR_INTERVAL_SEC, nat_timer, NULL); +#endif /* IP_NAT */ #if NO_SYS /* Initialise timestamp for sys_check_timeouts */ diff --git a/src/include/ipv4/lwip/ip_nat.h b/src/include/ipv4/lwip/ip_nat.h new file mode 100644 index 00000000..0810785e --- /dev/null +++ b/src/include/ipv4/lwip/ip_nat.h @@ -0,0 +1,51 @@ +/*************************************************************************** + * Template - A brief description for this module. + * Copyright (c) 2008 Christian Walter, © Embedded Solutions, Vienna 2006. + * + * $Id: ip_nat.h,v 1.1 2010/05/05 19:34:23 goldsimon Exp $ + ***************************************************************************/ + +#ifndef __LWIP_NAT_H__ +#define __LWIP_NAT_H__ + +#include "lwip/err.h" +#include "lwip/ip_addr.h" +#include "lwip/opt.h" + +#if IP_NAT + +/** Timer interval at which to call ip_nat_tmr() */ +#define LWIP_NAT_TMR_INTERVAL_SEC 5 + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +struct netif; +struct pbuf; + +typedef struct ip_nat_entry +{ + ip_addr_t source_net; + ip_addr_t source_netmask; + ip_addr_t dest_net; + ip_addr_t dest_netmask; + struct netif *out_if; + struct netif *in_if; +} ip_nat_entry_t; + +void ip_nat_init(void); +void ip_nat_tmr(void); +u8_t ip_nat_input(struct pbuf *p); +u8_t ip_nat_out(struct pbuf *p); + +err_t ip_nat_add(const ip_nat_entry_t *new_entry); +void ip_nat_remove(const ip_nat_entry_t *remove_entry); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* IP_NAT */ + +#endif /* __LWIP_NAT_H__ */ diff --git a/src/include/lwip/opt.h b/src/include/lwip/opt.h index 81d98970..0433156e 100644 --- a/src/include/lwip/opt.h +++ b/src/include/lwip/opt.h @@ -466,6 +466,11 @@ #define IP_FORWARD 0 #endif +/** IP_NAT==1: Enables network address translation code */ +#ifndef IP_NAT +#define IP_NAT 0 +#endif + /** * IP_OPTIONS_ALLOWED: Defines the behavior for IP options. * IP_OPTIONS_ALLOWED==0: All packets with IP options are dropped.