rt-thread/components/net/lwip_nat/ipv4_nat.c

/**
 * NAT - NAT implementation for lwIP supporting TCP/UDP and ICMP.
 * Copyright (c) 2009 Christian Walter, ?Embedded Solutions, Vienna 2009.
 *
 * Copyright (c) 2010 lwIP project ;-)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification,
 * are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 * OF SUCH DAMAGE.
 *
 * This file is part of the lwIP TCP/IP stack.
 */

/*
 * File      : ipv4_nat.c
 * This file is part of RT-Thread RTOS
 * COPYRIGHT (C) 2015, RT-Thread Development Team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Change Logs:
 * Date           Author       Notes
 * 2015-01-26     Hichard      porting to RT-Thread
 * 2015-01-27     Bernard      code cleanup for lwIP in RT-Thread
 */

/*
 * TODOS:
 *  - we should decide if we want to use static tables for NAT or a linked
 *    list.
 *  - we should allocate icmp ping id if multiple clients are sending
 *    ping requests.
 *  - maybe we could hash the identifiers for TCP, ICMP and UDP and use
 *    a single table structure. This would reduce the code amount although
 *    it will cost performance.
 *  - NAT code must check for broadcast addresses and NOT forward
 *    them.
 *
 *  - netif_remove must notify NAT code when a NAT'ed interface is removed
 *  - allocate NAT entries from a new memp pool instead of the heap
 *  - let ttl be ticks, not seconds
 *
 * HOWTO USE:
 *
 * Shows how to create NAT between a PPP interface and an internal NIC.
 * In this case the network 213.129.231.168/29 is nat'ed when packets
 * are sent to the destination network 10.0.0.0/24 (untypical example -
 * most users will have the other way around).
 *
 * Step 1) Execute when network interfaces are ready.
 *
 * new_nat_entry.out_if = (struct netif *)&PPP_IF;
 * new_nat_entry.in_if = (struct netif *)&EMAC_if;
 * IP4_ADDR(&new_nat_entry.source_net, 213, 129, 231, 168);
 * IP4_ADDR(&new_nat_entry.source_netmask, 255, 255, 255, 248);
 * IP4_ADDR(&new_nat_entry.dest_net, 10, 0, 0, 0);
 * IP4_ADDR(&new_nat_entry.source_netmask, 255, 0, 0, 0);
 * ip_nat_add(&new_nat_entry);
 */

#include "ipv4_nat.h"
#include "lwip/opt.h"

#ifdef LWIP_USING_NAT

#include "lwip/ip.h"
#include "lwip/inet.h"
#include "lwip/netif.h"
#include "lwip/ip_addr.h"
#include "lwip/icmp.h"
#include "lwip/tcp_impl.h"
#include "lwip/udp.h"
#include "lwip/mem.h"
#include "lwip/sys.h"
#include "lwip/timers.h"
#include "netif/etharp.h"

#include <limits.h>
#include <string.h>

/** Define this to enable debug output of this module */
#ifndef LWIP_NAT_DEBUG
#define LWIP_NAT_DEBUG      LWIP_DBG_OFF
#endif

#define LWIP_NAT_TTL_INFINITE                    (INT_MAX)
#define LWIP_NAT_DEFAULT_TTL_SECONDS             (128)
#define LWIP_NAT_FORWARD_HEADER_SIZE_MIN         (sizeof(struct eth_hdr))

#define LWIP_NAT_DEFAULT_STATE_TABLES_ICMP       (4)
#define LWIP_NAT_DEFAULT_STATE_TABLES_TCP        (32)
#define LWIP_NAT_DEFAULT_STATE_TABLES_UDP        (32)

#define LWIP_NAT_DEFAULT_TCP_SOURCE_PORT         (40000)
#define LWIP_NAT_DEFAULT_UDP_SOURCE_PORT         (40000)

#define IPNAT_ENTRY_RESET(x) do { \
  (x)->ttl = 0; \
} while(0)

typedef struct ip_nat_conf
{
  struct ip_nat_conf *next;
  ip_nat_entry_t      entry;
} ip_nat_conf_t;

typedef struct ip_nat_entry_common
{
  s32_t           ttl; /* @todo: do we really need this to be signed?? */
  ip_addr_t       source;
  ip_addr_t       dest;
  ip_nat_conf_t   *cfg;
} ip_nat_entry_common_t;

typedef struct ip_nat_entries_icmp
{
  ip_nat_entry_common_t common;
  u16_t                 id;
  u16_t                 seqno;
} ip_nat_entries_icmp_t;

typedef struct ip_nat_entries_tcp
{
  ip_nat_entry_common_t common;
  u16_t                 nport;
  u16_t                 sport;
  u16_t                 dport;
} ip_nat_entries_tcp_t;

typedef struct ip_nat_entries_udp
{
  ip_nat_entry_common_t common;
  u16_t                 nport;
  u16_t                 sport;
  u16_t                 dport;
} ip_nat_entries_udp_t;

typedef union u_nat_entry
{
  ip_nat_entry_common_t *cmn;
  ip_nat_entries_tcp_t  *tcp;
  ip_nat_entries_icmp_t *icmp;
  ip_nat_entries_udp_t  *udp;
} nat_entry_t;

static ip_nat_conf_t *ip_nat_cfg = NULL;
static ip_nat_entries_icmp_t ip_nat_icmp_table[LWIP_NAT_DEFAULT_STATE_TABLES_ICMP];
static ip_nat_entries_tcp_t ip_nat_tcp_table[LWIP_NAT_DEFAULT_STATE_TABLES_TCP];
static ip_nat_entries_udp_t ip_nat_udp_table[LWIP_NAT_DEFAULT_STATE_TABLES_UDP];

/* ----------------------- Static functions (COMMON) --------------------*/
static void     ip_nat_chksum_adjust(u8_t *chksum, const u8_t *optr, s16_t olen, const u8_t *nptr, s16_t nlen);
static void     ip_nat_cmn_init(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr,
                                 ip_nat_entry_common_t *nat_entry);
static ip_nat_conf_t *ip_nat_shallnat(const struct ip_hdr *iphdr);
static void     ip_nat_reset_state(ip_nat_conf_t *cfg);

/* ----------------------- Static functions (DEBUG) ---------------------*/
#if defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON)
static void     ip_nat_dbg_dump(const char *msg, const struct ip_hdr *iphdr);
static void     ip_nat_dbg_dump_ip(const ip_addr_t *addr);
static void     ip_nat_dbg_dump_icmp_nat_entry(const char *msg, const ip_nat_entries_icmp_t *nat_entry);
static void     ip_nat_dbg_dump_tcp_nat_entry(const char *msg, const ip_nat_entries_tcp_t *nat_entry);
static void     ip_nat_dbg_dump_udp_nat_entry(const char *msg, const ip_nat_entries_udp_t *nat_entry);
static void     ip_nat_dbg_dump_init(ip_nat_conf_t *ip_nat_cfg_new);
static void     ip_nat_dbg_dump_remove(ip_nat_conf_t *cur);
#else /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */
#define ip_nat_dbg_dump(msg, iphdr)
#define ip_nat_dbg_dump_ip(addr)
#define ip_nat_dbg_dump_icmp_nat_entry(msg, nat_entry)
#define ip_nat_dbg_dump_tcp_nat_entry(msg, nat_entry)
#define ip_nat_dbg_dump_udp_nat_entry(msg, nat_entry)
#define ip_nat_dbg_dump_init(ip_nat_cfg_new)
#define ip_nat_dbg_dump_remove(cur)
#endif /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */

/* ----------------------- Static functions (TCP) -----------------------*/
static ip_nat_entries_tcp_t *ip_nat_tcp_lookup_incoming(const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr);
static ip_nat_entries_tcp_t *ip_nat_tcp_lookup_outgoing(ip_nat_conf_t *nat_config,
                                                         const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr,
                                                         u8_t allocate);

/* ----------------------- Static functions (UDP) -----------------------*/
static ip_nat_entries_udp_t *ip_nat_udp_lookup_incoming(const struct ip_hdr *iphdr, const struct udp_hdr *udphdr);
static ip_nat_entries_udp_t *ip_nat_udp_lookup_outgoing(ip_nat_conf_t *nat_config,
                                                         const struct ip_hdr *iphdr, const struct udp_hdr *udphdr,
                                                         u8_t allocate);

/**
 * Timer callback function that calls ip_nat_tmr() and reschedules itself.
 *
 * @param arg unused argument
 */
static void
nat_timer(void *arg)
{
  LWIP_UNUSED_ARG(arg);
  LWIP_DEBUGF(TIMERS_DEBUG, ("tcpip: nat_timer()\n"));

  ip_nat_tmr();
  sys_timeout(LWIP_NAT_TMR_INTERVAL_SEC * 1000, nat_timer, NULL);
}

/** Initialize this module */
void
ip_nat_init(void)
{
  int i;
  extern void lwip_ip_input_set_hook(int (*hook)(struct pbuf *p, struct netif *inp));

  /* @todo: this can be omitted since we trust static variables
            to be initialized to zero */
  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
    IPNAT_ENTRY_RESET(&ip_nat_icmp_table[i].common);
  }
  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
    IPNAT_ENTRY_RESET(&ip_nat_tcp_table[i].common);
  }
  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
    IPNAT_ENTRY_RESET(&ip_nat_udp_table[i].common);
  }

  /* we must lock scheduler to protect following code */
  rt_enter_critical();

  /* add a lwip timer for NAT */
  sys_timeout(LWIP_NAT_TMR_INTERVAL_SEC * 1000, nat_timer, NULL);

  /* un-protect */
  rt_exit_critical();
}

/** Allocate a new ip_nat_conf_t item */
static ip_nat_conf_t*
ip_nat_alloc(void)
{
  ip_nat_conf_t *ret = (ip_nat_conf_t*)mem_malloc(sizeof(ip_nat_conf_t));
  return ret;
}

/** Free a removed ip_nat_conf_t item */
static void
ip_nat_free(ip_nat_conf_t *item)
{
  LWIP_ASSERT("item != NULL", item != NULL);
  mem_free(item);
}

/** Add a new NAT entry
 *
 * @param new_entry pointer to a structure used to initialize the entry
 * @return ERR_OK if succeeded
 */
err_t
ip_nat_add(const ip_nat_entry_t *new_entry)
{
  err_t err = ERR_VAL;
  ip_nat_conf_t *cur = ip_nat_cfg;
  ip_nat_conf_t *ip_nat_cfg_new = ip_nat_alloc();
  LWIP_ASSERT("new_entry != NULL", new_entry != NULL);

  if (ip_nat_cfg_new != NULL) {
    SMEMCPY(&ip_nat_cfg_new->entry, new_entry, sizeof(ip_nat_entry_t));
    ip_nat_cfg_new->next = NULL;

    ip_nat_dbg_dump_init(ip_nat_cfg_new);

    if (ip_nat_cfg == NULL) {
      ip_nat_cfg = ip_nat_cfg_new;
    } else {
      /* @todo: do we really need to enqueue the new entry at the end?? */
      while (cur->next != NULL) {
        cur = cur->next;
      }
      cur->next = ip_nat_cfg_new;
    }
    err = ERR_OK;
  } else {
    err = ERR_MEM;
  }
  return err;
}

/** Remove a NAT entry previously added by 'ip_nat_add()'.
 *
 * @param remove_entry describes the entry to remove
 */
void
ip_nat_remove(const ip_nat_entry_t *remove_entry)
{
  ip_nat_conf_t *cur = ip_nat_cfg;
  ip_nat_conf_t *next;
  ip_nat_conf_t *previous = NULL;

  while (cur != NULL) {
    /* Remove the NAT interfaces */
    if ((cur->entry.source_net.addr     == remove_entry->source_net.addr) &&
        (cur->entry.source_netmask.addr == remove_entry->source_netmask.addr) &&
        (cur->entry.dest_net.addr       == remove_entry->dest_net.addr) &&
        (cur->entry.dest_netmask.addr   == remove_entry->dest_netmask.addr) &&
        (cur->entry.out_if              == remove_entry->out_if) &&
        (cur->entry.in_if               == remove_entry->in_if))
    {
      ip_nat_dbg_dump_remove(cur);

      ip_nat_reset_state(cur);
      next = cur->next;
      if (cur == ip_nat_cfg) {
        ip_nat_cfg = next;
      } else {
        LWIP_ASSERT("NULL != previous", NULL != previous);
        previous->next = next;
      }
      /* free 'cur' or there will be a memory leak */
      ip_nat_free(cur);
      return;
    } else {
      previous = cur;
      cur = cur->next;
    }
  }
}

/** Reset a NAT configured entry to be reused.
 * Effectively calls IPNAT_ENTRY_RESET() on 'cfg'.
 *
 * @param cfg NAT entry to reset
 */
static void
ip_nat_reset_state(ip_nat_conf_t *cfg)
{
  int i;

  /* @todo: optimize this!!!
     why do we search for it anyway, if we have the pointer??? */
  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
    if(ip_nat_icmp_table[i].common.cfg == cfg) {
      IPNAT_ENTRY_RESET(&ip_nat_icmp_table[i].common);
    }
  }
  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
    if(ip_nat_tcp_table[i].common.cfg == cfg) {
      IPNAT_ENTRY_RESET(&ip_nat_tcp_table[i].common);
    }
  }
  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
    if(ip_nat_udp_table[i].common.cfg == cfg) {
      IPNAT_ENTRY_RESET(&ip_nat_udp_table[i].common);
    }
  }
}

/** Check if this packet should be routed or should be translated
 *
 * @param iphdr the IP header to check
 * @return - a NAT entry if the packet shall be translated,
 *         - NULL if the packet shall be routed normally
 */
static ip_nat_conf_t *
ip_nat_shallnat(const struct ip_hdr *iphdr)
{
  ip_nat_conf_t *nat_config = ip_nat_cfg;

  for (nat_config = ip_nat_cfg; nat_config != NULL; nat_config = nat_config->next) {
      if (ip_addr_netcmp(&(iphdr->dest), &(nat_config->entry.dest_net),
                       &(nat_config->entry.dest_netmask)) ||
      ip_addr_netcmp(&(iphdr->src), &(nat_config->entry.source_net),
                     &(nat_config->entry.source_netmask))) {
        break;
    }
  }

  return nat_config;
}

/** Check if the IP header can be hidden and if the remaining packet
 * is long enough. p->payload is reset to the IP header on return.
 *
 * @param p received packet, p->payload pointing to IP header
 * @param min_size minimum p->tot_len after hiding IP header
 * @return a pointer to the next header (after IP header),
 *         NULL if hiding IP header fails or the packet is too short
 */
static void*
ip_nat_check_header(struct pbuf *p, u16_t min_size)
{
  void *ret = NULL;
  struct ip_hdr  *iphdr = (struct ip_hdr*)p->payload;
  s16_t iphdr_len = IPH_HL(iphdr) * 4;

  if(!pbuf_header(p, -iphdr_len)) {
    if(p->tot_len >= min_size) {
      ret = p->payload;
    }
    /* Restore pbuf payload pointer from previous header check. */
    pbuf_header(p, iphdr_len);
  }
  return ret;
}

/** Input processing: check if a received packet belongs to a NAT entry
 * and if so, translated it and send it on.
 *
 * @param p received packet
 * @return 1 if the packet has been consumed (it was a NAT packet),
 *         0 if the packet has not been consumed (no NAT packet)
 */
u8_t
ip_nat_input(struct pbuf *p)
{
  struct ip_hdr        *iphdr = (struct ip_hdr*)p->payload;
  struct tcp_hdr       *tcphdr;
  struct udp_hdr       *udphdr;
  struct icmp_echo_hdr *icmphdr;
  nat_entry_t           nat_entry;
  err_t                 err;
  u8_t                  consumed = 0;
  int                   i;
  struct pbuf          *q = NULL;

  nat_entry.cmn = NULL;
  ip_nat_dbg_dump("ip_nat_in: checking nat for", iphdr);

  switch (IPH_PROTO(iphdr)) {
    case IP_PROTO_TCP:
      tcphdr = (struct tcp_hdr*)ip_nat_check_header(p, sizeof(struct tcp_hdr));
      if (tcphdr == NULL) {
        LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: short tcp packet (%" U16_F " bytes) discarded\n", p->tot_len));
      } else {
        nat_entry.tcp = ip_nat_tcp_lookup_incoming(iphdr, tcphdr);
        if (nat_entry.tcp != NULL) {
          /* Refresh TCP entry */
          nat_entry.tcp->common.ttl = LWIP_NAT_DEFAULT_TTL_SECONDS;
          tcphdr->dest = nat_entry.tcp->sport;
          /* Adjust TCP checksum for changed destination port */
          ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum),
            (u8_t *)&(nat_entry.tcp->nport), 2, (u8_t *)&(tcphdr->dest), 2);
          /* Adjust TCP checksum for changing dest IP address */
          ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum),
            (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4,
            (u8_t *)&(nat_entry.cmn->source.addr), 4);

          consumed = 1;
        }
      }
      break;

    case IP_PROTO_UDP:
      udphdr = (struct udp_hdr *)ip_nat_check_header(p, sizeof(struct udp_hdr));
      if (udphdr == NULL) {
        LWIP_DEBUGF(LWIP_NAT_DEBUG,
          ("ip_nat_input: short udp packet (%" U16_F " bytes) discarded\n",
          p->tot_len));
      } else {
        nat_entry.udp = ip_nat_udp_lookup_incoming(iphdr, udphdr);
        if (nat_entry.udp != NULL) {
          /* Refresh UDP entry */
          nat_entry.udp->common.ttl = LWIP_NAT_DEFAULT_TTL_SECONDS;
          udphdr->dest = nat_entry.udp->sport;
          /* Adjust UDP checksum for changed destination port */
          ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum),
            (u8_t *)&(nat_entry.udp->nport), 2, (u8_t *)&(udphdr->dest), 2);
          /* Adjust UDP checksum for changing dest IP address */
          ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum),
            (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4,
            (u8_t *)&(nat_entry.cmn->source.addr), 4);

          consumed = 1;
        }
      }
      break;

    case IP_PROTO_ICMP:
      icmphdr = (struct icmp_echo_hdr *)ip_nat_check_header(p, sizeof(struct icmp_echo_hdr));
      if (icmphdr == NULL) {
        LWIP_DEBUGF(LWIP_NAT_DEBUG,
          ("ip_nat_out: short icmp echo reply packet (%" U16_F " bytes) discarded\n",
          p->tot_len));
      } else {
        if (ICMP_ER == ICMPH_TYPE(icmphdr)) {
          for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
            nat_entry.icmp = &ip_nat_icmp_table[i];
            if ((nat_entry.icmp->common.ttl) &&
                (iphdr->src.addr == nat_entry.icmp->common.dest.addr) &&
                (nat_entry.icmp->id == icmphdr->id) &&
                (nat_entry.icmp->seqno == icmphdr->seqno)) {
              ip_nat_dbg_dump_icmp_nat_entry("found existing nat entry: ", nat_entry.icmp);
              consumed = 1;
              IPNAT_ENTRY_RESET(nat_entry.cmn);
              break;
            }
          }
        }
      }
      break;

    default:
      break;
  }

  if(consumed) {
    /* packet consumed, send it out on in_if */
    struct netif *in_if;

    /* check if the pbuf has room for link headers */
    if (pbuf_header(p, PBUF_LINK_HLEN)) {
      /* pbuf has no room for link headers, allocate an extra pbuf */
      q = pbuf_alloc(PBUF_LINK, 0, PBUF_RAM);
      if (q == NULL) {
        LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: no pbuf for outgoing header\n"));
        // rt_kprintf("ip_nat_input: no pbuf for outgoing header\n");
        /* @todo: stats? */
        pbuf_free(p);
        p = NULL;
        return 1;
      } else {
        pbuf_cat(q, p);
      }
    } else {
      /* restore p->payload to IP header */
      if (pbuf_header(p, -PBUF_LINK_HLEN)) {
        LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: restoring header failed\n"));
        // rt_kprintf("ip_nat_input: restoring header failed\n");
        /* @todo: stats? */
        pbuf_free(p);
        p = NULL;
        return 1;
      }
      else q = p;
    }
    /* if we come here, q is the pbuf to send (either points to p or to a chain) */
    in_if = nat_entry.cmn->cfg->entry.in_if;
    iphdr->dest.addr = nat_entry.cmn->source.addr;
    ip_nat_chksum_adjust((u8_t *) & IPH_CHKSUM(iphdr),
      (u8_t *) & (nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4,
      (u8_t *) & (iphdr->dest.addr), 4);

    ip_nat_dbg_dump("ip_nat_input: packet back to source after nat: ", iphdr);
    LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_input: sending packet on interface ("));
    ip_nat_dbg_dump_ip(&(in_if->ip_addr));
    LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));

    err = in_if->output(in_if, q, (ip_addr_t *)&(iphdr->dest));
    if(err != ERR_OK) {
      LWIP_DEBUGF(LWIP_NAT_DEBUG,
        ("ip_nat_input: failed to send rewritten packet. link layer returned %d\n",
        err));
      // rt_kprintf("ip_nat_input: failed to send rewritten packet. link layer returned %d\n", err);
    }
    /* now that q (and/or p) is sent (or not), give up the reference to it
       this frees the input pbuf (p) as we have consumed it. */
    pbuf_free(q);
  }
  return consumed;
}

/** Check if one NAT entry timed out */
static void
ip_nat_check_timeout(ip_nat_entry_common_t *nat_entry)
{
  if(nat_entry->ttl > 0) {
    if(nat_entry->ttl != LWIP_NAT_TTL_INFINITE) {
      /* this is not a 'no-timeout' entry */
      if(nat_entry->ttl > LWIP_NAT_TMR_INTERVAL_SEC) {
        nat_entry->ttl -= LWIP_NAT_TMR_INTERVAL_SEC;
      } else {
        nat_entry->ttl = 0;
      }
    }
  }
}

/** The NAT timer function, to be called at an interval of
 * LWIP_NAT_TMR_INTERVAL_SEC seconds.
 */
void
ip_nat_tmr(void)
{
  int i;

  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_tmr: removing old entries\n"));

  for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
    ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_icmp_table[i]);
  }
  for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
    ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_tcp_table[i]);
  }
  for(i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
    ip_nat_check_timeout((ip_nat_entry_common_t *) & ip_nat_udp_table[i]);
  }
}

/** Check if we want to perform NAT with this packet. If so, send it out on
 * the correct interface.
 *
 * @param p the packet to test/send
 * @return 1: the packet has been sent using NAT,
 *         0: the packet did not belong to a NAT entry
 */
u8_t
ip_nat_out(struct pbuf *p)
{
  u8_t                  sent = 0;
  err_t                 err;
  struct ip_hdr        *iphdr = p->payload;
  struct icmp_echo_hdr *icmphdr;
  struct tcp_hdr       *tcphdr;
  struct udp_hdr       *udphdr;
  ip_nat_conf_t        *nat_config;
  nat_entry_t           nat_entry;
  int             i;

  nat_entry.cmn = NULL;

  ip_nat_dbg_dump("ip_nat_out: checking nat for", iphdr);

  /* Check if this packet should be routed or should be translated */
  nat_config = ip_nat_shallnat(iphdr);
  if (nat_config != NULL ) {
    if (nat_config->entry.out_if == NULL) {
      LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: no external interface for nat table entry\n"));
    } else {
      switch (IPH_PROTO(iphdr))
      {
      case IP_PROTO_TCP:
        tcphdr = (struct tcp_hdr *)ip_nat_check_header(p, sizeof(struct tcp_hdr));
        if (tcphdr == NULL) {
          LWIP_DEBUGF(LWIP_NAT_DEBUG,
            ("ip_nat_out: short tcp packet (%" U16_F " bytes) discarded\n", p->tot_len));
        } else {
          nat_entry.tcp = ip_nat_tcp_lookup_outgoing(nat_config, iphdr, tcphdr, 1);
          if (nat_entry.tcp != NULL) {
            /* Adjust TCP checksum for changing source port */
            tcphdr->src = nat_entry.tcp->nport;
            ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum),
              (u8_t *)&(nat_entry.tcp->sport), 2, (u8_t *)&(tcphdr->src), 2);
            /* Adjust TCP checksum for changing source IP address */
            ip_nat_chksum_adjust((u8_t *)&(tcphdr->chksum),
              (u8_t *)&(nat_entry.cmn->source.addr), 4,
              (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4);
          }
        }
        break;

      case IP_PROTO_UDP:
        udphdr = (struct udp_hdr *)ip_nat_check_header(p, sizeof(struct udp_hdr));
        if (udphdr == NULL) {
          LWIP_DEBUGF(LWIP_NAT_DEBUG,
            ("ip_nat_out: short udp packet (%" U16_F " bytes) discarded\n", p->tot_len));
        } else {
          nat_entry.udp = ip_nat_udp_lookup_outgoing(nat_config, iphdr, udphdr, 1);
          if (nat_entry.udp != NULL) {
            /* Adjust UDP checksum for changing source port */
            udphdr->src = nat_entry.udp->nport;
            ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum),
              (u8_t *)&(nat_entry.udp->sport), 2, (u8_t *) & (udphdr->src), 2);
            /* Adjust UDP checksum for changing source IP address */
            ip_nat_chksum_adjust((u8_t *)&(udphdr->chksum),
              (u8_t *)&(nat_entry.cmn->source.addr), 4,
              (u8_t *)&(nat_entry.cmn->cfg->entry.out_if->ip_addr.addr), 4);
          }
        }
        break;

      case IP_PROTO_ICMP:
        icmphdr = (struct icmp_echo_hdr *)ip_nat_check_header(p, sizeof(struct icmp_echo_hdr));
        if(icmphdr == NULL) {
          LWIP_DEBUGF(LWIP_NAT_DEBUG,
            ("ip_nat_out: short icmp echo packet (%" U16_F " bytes) discarded\n", p->tot_len));
        } else {
          if (ICMPH_TYPE(icmphdr) == ICMP_ECHO) {
            for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_ICMP; i++) {
              if (!ip_nat_icmp_table[i].common.ttl) {
                nat_entry.icmp = &ip_nat_icmp_table[i];
                ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn);
                nat_entry.icmp->id = icmphdr->id;
                nat_entry.icmp->seqno = icmphdr->seqno;
                ip_nat_dbg_dump_icmp_nat_entry(" ip_nat_out: created new NAT entry ", nat_entry.icmp);
                break;
              }
            }
            if (NULL == nat_entry.icmp)
            {
              LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: no more NAT entries for ICMP available\n"));
            }
          }
        }
        break;
      default:
        break;
      }

      if (nat_entry.cmn != NULL) {
        struct netif *out_if = nat_entry.cmn->cfg->entry.out_if;
        /* Exchange the IP source address with the address of the interface
        * where the packet will be sent.
        */
        /* @todo: check nat_config->entry.out_if agains nat_entry.cmn->cfg->entry.out_if */
        iphdr->src.addr = nat_config->entry.out_if->ip_addr.addr;
        ip_nat_chksum_adjust((u8_t *) & IPH_CHKSUM(iphdr),
          (u8_t *) & (nat_entry.cmn->source.addr), 4, (u8_t *) & iphdr->src.addr, 4);

        ip_nat_dbg_dump("ip_nat_out: rewritten packet", iphdr);
        LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_out: sending packet on interface ("));
        ip_nat_dbg_dump_ip(&(out_if->ip_addr));
        LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));

        err = out_if->output(out_if, p, (ip_addr_t *)&(iphdr->dest));
        if (err != ERR_OK) {
          LWIP_DEBUGF(LWIP_NAT_DEBUG,
            ("ip_nat_out: failed to send rewritten packet. link layer returned %d\n", err));
          // rt_kprintf("ip_nat_out: failed to send rewritten packet. link layer returned %d\n", err);
        } else {
          sent = 1;
        }
      }
    }
  }

  return sent;
}

/** Initialize common parts of a NAT entry
 *
 * @param nat_config NAT config entry
 * @param iphdr IP header from which to initialize the entry
 * @param nat_entry entry to initialize
 */
static void
ip_nat_cmn_init(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr, ip_nat_entry_common_t *nat_entry)
{
  LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry);
  LWIP_ASSERT("NULL != nat_config", NULL != nat_config);
  LWIP_ASSERT("NULL != iphdr", NULL != iphdr);
  nat_entry->cfg = nat_config;
  nat_entry->dest = *((ip_addr_t *)&iphdr->dest);
  nat_entry->source = *((ip_addr_t *)&iphdr->src);
  nat_entry->ttl = LWIP_NAT_DEFAULT_TTL_SECONDS;
}

/**
 * This function checks for incoming packets if we already have a NAT entry.
 * If yes a pointer to the NAT entry is returned. Otherwise NULL.
 *
 * @param nat_config NAT configuration.
 * @param iphdr The IP header.
 * @param udphdr The UDP header.
 * @return A pointer to an existing NAT entry or
 *         NULL if none is found.
 */
static ip_nat_entries_udp_t *
ip_nat_udp_lookup_incoming(const struct ip_hdr *iphdr, const struct udp_hdr *udphdr)
{
  int i;
  ip_nat_entries_udp_t *nat_entry = NULL;

  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
    if (ip_nat_udp_table[i].common.ttl) {
      if ((iphdr->src.addr == ip_nat_udp_table[i].common.dest.addr) &&
          (udphdr->src == ip_nat_udp_table[i].dport) &&
          (udphdr->dest == ip_nat_udp_table[i].nport)) {
        nat_entry = &ip_nat_udp_table[i];
        ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_incoming: found existing nat entry: ",
                                      nat_entry);
        break;
      }
    }
  }
  return nat_entry;
}

/**
 * This function checks if we already have a NAT entry for this UDP connection.
 * If yes the a pointer to this NAT entry is returned.
 *
 * @param iphdr The IP header.
 * @param udphdr The UDP header.
 * @param allocate If no existing NAT entry is found and this flag is true
 *        a NAT entry is allocated.
 */
static ip_nat_entries_udp_t *
ip_nat_udp_lookup_outgoing(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr,
                           const struct udp_hdr *udphdr, u8_t allocate)
{
  int i;
  nat_entry_t nat_entry;
  int last_free = -1;

  nat_entry.cmn = NULL;
  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_UDP; i++) {
    if (ip_nat_udp_table[i].common.ttl) {
      if ((iphdr->src.addr == ip_nat_udp_table[i].common.source.addr) &&
          (iphdr->dest.addr == ip_nat_udp_table[i].common.dest.addr) &&
          (udphdr->src == ip_nat_udp_table[i].sport) &&
          (udphdr->dest == ip_nat_udp_table[i].dport)) {
        nat_entry.udp = &ip_nat_udp_table[i];

        ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_outgoing: found existing nat entry: ",
                                      nat_entry.udp);
        break;
      }
    } else {
        last_free = i;
    }
  }
  if (nat_entry.cmn == NULL) {
    if (allocate) {
      if (last_free != -1) {
        nat_entry.udp = &ip_nat_udp_table[last_free];
        nat_entry.udp->nport = htons((u16_t) (LWIP_NAT_DEFAULT_UDP_SOURCE_PORT + i));
        nat_entry.udp->sport = udphdr->src;
        nat_entry.udp->dport = udphdr->dest;
        ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn);

        ip_nat_dbg_dump_udp_nat_entry("ip_nat_udp_lookup_outgoing: created new nat entry: ",
                                      nat_entry.udp);
      } else {
        LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_udp_lookup_outgoing: no more NAT entries available\n"));
        // rt_kprintf("ip_nat_udp_lookup_outgoing: no more NAT entries available\n");
      }
    }
  }
  return nat_entry.udp;
}

/**
 * This function checks for incoming packets if we already have a NAT entry.
 * If yes a pointer to the NAT entry is returned. Otherwise NULL.
 *
 * @param nat_config NAT configuration.
 * @param iphdr The IP header.
 * @param tcphdr The TCP header.
 * @return A pointer to an existing NAT entry or NULL if none is found.
 */
static ip_nat_entries_tcp_t *
ip_nat_tcp_lookup_incoming(const struct ip_hdr *iphdr, const struct tcp_hdr *tcphdr)
{
  int i;
  ip_nat_entries_tcp_t *nat_entry = NULL;

  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
    if (ip_nat_tcp_table[i].common.ttl) {
      if ((iphdr->src.addr == ip_nat_tcp_table[i].common.dest.addr) &&
          (tcphdr->src == ip_nat_tcp_table[i].dport) &&
          (tcphdr->dest == ip_nat_tcp_table[i].nport)) {
        nat_entry = &ip_nat_tcp_table[i];

        ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_incoming: found existing nat entry: ",
                                      nat_entry);
        break;
      }
    }
  }
  return nat_entry;
}

/**
 * This function checks if we already have a NAT entry for this TCP connection.
 * If yes the a pointer to this NAT entry is returned.
 *
 * @param iphdr The IP header.
 * @param tcphdr The TCP header.
 * @param allocate If no existing NAT entry is found and this flag is true
 *   a NAT entry is allocated.
 */
static ip_nat_entries_tcp_t *
ip_nat_tcp_lookup_outgoing(ip_nat_conf_t *nat_config, const struct ip_hdr *iphdr,
                           const struct tcp_hdr *tcphdr, u8_t allocate)
{
  int i;
  nat_entry_t nat_entry;
  int last_free = -1;

  nat_entry.cmn = NULL;
  for (i = 0; i < LWIP_NAT_DEFAULT_STATE_TABLES_TCP; i++) {
    if (ip_nat_tcp_table[i].common.ttl) {
      if ((iphdr->src.addr == ip_nat_tcp_table[i].common.source.addr) &&
          (iphdr->dest.addr == ip_nat_tcp_table[i].common.dest.addr) &&
          (tcphdr->src == ip_nat_tcp_table[i].sport) &&
          (tcphdr->dest == ip_nat_tcp_table[i].dport)) {
        nat_entry.tcp = &ip_nat_tcp_table[i];

        ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_outgoing: found existing nat entry: ",
                                      nat_entry.tcp);
        break;
      }
    } else {
        last_free = i;
    }
  }
  if (nat_entry.cmn == NULL) {
    if (allocate) {
      if (last_free != -1) {
        nat_entry.tcp = &ip_nat_tcp_table[last_free];
        nat_entry.tcp->nport = htons((u16_t) (LWIP_NAT_DEFAULT_TCP_SOURCE_PORT + i));
        nat_entry.tcp->sport = tcphdr->src;
        nat_entry.tcp->dport = tcphdr->dest;
        ip_nat_cmn_init(nat_config, iphdr, nat_entry.cmn);

        ip_nat_dbg_dump_tcp_nat_entry("ip_nat_tcp_lookup_outgoing: created new nat entry: ",
                                      nat_entry.tcp);
      } else {
        LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_udp_lookup_outgoing: no more NAT entries available\n"));
        // rt_kprintf("ip_nat_udp_lookup_outgoing: no more NAT entries available\n");
      }
    }
  }
  return nat_entry.tcp;
}

/** Adjusts the checksum of a NAT'ed packet without having to completely recalculate it
 * @todo: verify this works for little- and big-endian
 *
 * @param chksum points to the chksum in the packet
 * @param optr points to the old data in the packet
 * @param olen length of old data
 * @param nptr points to the new data in the packet
 * @param nlen length of new data
 */
static void
ip_nat_chksum_adjust(u8_t *chksum, const u8_t *optr, s16_t olen, const u8_t *nptr, s16_t nlen)
{
  s32_t x, oldval, newval;

  LWIP_ASSERT("NULL != chksum", NULL != chksum);
  LWIP_ASSERT("NULL != optr", NULL != optr);
  LWIP_ASSERT("NULL != nptr", NULL != nptr);
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_chksum_adjust: chksum=%p, optr=%p, olen=%" U16_F ", nptr=%p, nlen=%" U16_F "\n",
    chksum, optr, olen, nptr, nlen));
  x = chksum[0] * 256 + chksum[1];
  x = ~x & 0xFFFF;
  while (olen) {
    oldval = optr[0] * 256 + optr[1];
    optr += 2;
    x -= oldval & 0xffff;
    if (x <= 0) {
      x--;
      x &= 0xffff;
    }
    olen -= 2;
  }
  while (nlen) {
    newval = nptr[0] * 256 + nptr[1];
    nptr += 2;
    x += newval & 0xffff;
    if (x & 0x10000) {
      x++;
      x &= 0xffff;
    }
    nlen -= 2;
  }
  x = ~x & 0xFFFF;
  chksum[0] = x / 256;
  chksum[1] = x & 0xff;
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_chksum_adjust: chksum = 0x%x\n", *((u16_t *) chksum)));
}

#if defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON)
/**
 * This function dumps an IP address
 *
 * @param addr IP address
 */
static void
ip_nat_dbg_dump_ip(const ip_addr_t *addr)
{
  LWIP_ASSERT("NULL != addr", NULL != addr);
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%" U16_F ".%" U16_F ".%" U16_F ".%" U16_F,
    ip4_addr1(addr), ip4_addr2(addr), ip4_addr3(addr), ip4_addr4(addr)));
}

/**
 * This function dumps an IP header
 *
 * @param msg a message to print
 * @param iphdr IP header
 */
static void
ip_nat_dbg_dump(const char *msg, const struct ip_hdr *iphdr)
{
  LWIP_ASSERT("NULL != msg", NULL != msg);
  LWIP_ASSERT("NULL != iphdr", NULL != iphdr);
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s: IP: (", msg));
  ip_nat_dbg_dump_ip((ip_addr_t *)&(iphdr->src));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip((ip_addr_t *)&(iphdr->dest));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F ", chksum=%" U16_F ")\n",
    ntohs(IPH_ID(iphdr)), ntohs(IPH_CHKSUM(iphdr))));
}

/**
 * This function dumps an ICMP echo reply/recho request nat entry.
 *
 * @param msg a message to print
 * @param nat_entry the ICMP NAT entry to print
 */
static void
ip_nat_dbg_dump_icmp_nat_entry(const char *msg, const ip_nat_entries_icmp_t *nat_entry)
{
  LWIP_ASSERT("NULL != msg", NULL != msg);
  LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry);
  LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg);
  LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if",
    NULL != nat_entry->common.cfg->entry.out_if);
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ICMP : ("));
  ip_nat_dbg_dump_ip(&(nat_entry->common.source));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F, ntohs(nat_entry->id)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (", seq=%" U16_F, ntohs(nat_entry->seqno)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at ("));
  ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" id=%" U16_F, ntohs(nat_entry->id)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (", seq=%" U16_F, ntohs(nat_entry->seqno)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));
}

/**
 * This function dumps an TCP nat entry.
 *
 * @param msg a message to print
 * @param nat_entry the TCP NAT entry to print
 */
static void
ip_nat_dbg_dump_tcp_nat_entry(const char *msg, const ip_nat_entries_tcp_t *nat_entry)
{
  LWIP_ASSERT("NULL != msg", NULL != msg);
  LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry);
  LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg);
  LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if",
    NULL != nat_entry->common.cfg->entry.out_if);
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("TCP : ("));
  ip_nat_dbg_dump_ip(&(nat_entry->common.source));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->sport)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at ("));
  ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->nport)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));
}

/**
 * This function dumps a UDP NAT entry.
 *
 * @param msg a message to print
 * @param nat_entry the UDP NAT entry to print
 */
static void
ip_nat_dbg_dump_udp_nat_entry(const char *msg, const ip_nat_entries_udp_t *nat_entry)
{
  LWIP_ASSERT("NULL != msg", NULL != msg);
  LWIP_ASSERT("NULL != nat_entry", NULL != nat_entry);
  LWIP_ASSERT("NULL != nat_entry->common.cfg", NULL != nat_entry->common.cfg);
  LWIP_ASSERT("NULL != nat_entry->common.cfg->entry.out_if",
    NULL != nat_entry->common.cfg->entry.out_if);
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("%s", msg));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("UDP : ("));
  ip_nat_dbg_dump_ip(&(nat_entry->common.source));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->sport)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (") mapped at ("));
  ip_nat_dbg_dump_ip(&(nat_entry->common.cfg->entry.out_if->ip_addr));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->nport)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip(&(nat_entry->common.dest));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (":%" U16_F, ntohs(nat_entry->dport)));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (")\n"));
}

/** Prints some info when creating a new NAT entry */
static void
ip_nat_dbg_dump_init(ip_nat_conf_t *ip_nat_cfg_new)
{
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_init: added new NAT interface\n"));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_init:   "));
  ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.source_net));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/"));
  ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.source_netmask));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@"));
  ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.in_if->ip_addr));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.dest_net));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/"));
  ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.dest_netmask));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@"));
  ip_nat_dbg_dump_ip(&(ip_nat_cfg_new->entry.out_if->ip_addr));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("\n"));
}

/** Prints some info when removing a NAT entry */
static void
ip_nat_dbg_dump_remove(ip_nat_conf_t *cur)
{
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_remove: removing existing NAT interface\n"));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("ip_nat_remove:   "));
  ip_nat_dbg_dump_ip(&(cur->entry.source_net));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/"));
  ip_nat_dbg_dump_ip(&(cur->entry.source_netmask));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@"));
  ip_nat_dbg_dump_ip(&(cur->entry.in_if->ip_addr));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, (" --> "));
  ip_nat_dbg_dump_ip(&(cur->entry.dest_net));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("/"));
  ip_nat_dbg_dump_ip(&(cur->entry.dest_netmask));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("@"));
  ip_nat_dbg_dump_ip(&(cur->entry.out_if->ip_addr));
  LWIP_DEBUGF(LWIP_NAT_DEBUG, ("\n"));
}
#endif /* defined(LWIP_DEBUG) && (LWIP_NAT_DEBUG & LWIP_DBG_ON) */

#endif /* IP_NAT */