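/*
 * libjingle
 * Copyright 2004--2005, Google Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *  1. Redistributions of source code must retain the above copyright notice,
 *     this list of conditions and the following disclaimer.
 *  2. Redistributions in binary form must reproduce the above copyright notice,
 *     this list of conditions and the following disclaimer in the documentation
 *     and/or other materials provided with the distribution.
 *  3. The name of the author may not be used to endorse or promote products
 *     derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef TALK_BASE_FIREWALLSOCKETSERVER_H_
#define TALK_BASE_FIREWALLSOCKETSERVER_H_

#include <vector>
#include "talk/base/socketserver.h"
#include "talk/base/criticalsection.h"

namespace talk_base {

class FirewallManager;

// Protocol selector for a firewall rule; FP_ANY is the default used by
// AddRule() when no protocol is given.
enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY };

// Direction selector for a firewall rule; FD_ANY is the default used by
// AddRule() when no direction is given.
enum FirewallDirection { FD_IN, FD_OUT, FD_ANY };

// This SocketServer shim simulates a rule-based firewall server.
//
// It holds a pointer to another SocketServer and forwards SetMessageQueue(),
// Wait() and WakeUp() to it unchanged. The filtering is a simulation inside
// this process; nothing in this header installs an OS-level packet filter, so
// it is not a substitute for a real network security control.
//
// NOTE(review): this header does not state the order in which rules are
// evaluated, nor the verdict returned by Check() when no rule matches.
// Confirm both in the implementation file before relying on a deny rule.
//
// NOTE(review): crit_ is declared below, but the inline accessors in this
// header read and write their members without taking it. Which out-of-line
// methods lock it is not visible here.
class FirewallSocketServer : public SocketServer {
 public:
  // |server| is the SocketServer being wrapped. |manager| is optional.
  // |should_delete_server| initializes the ownership flag that
  // set_socketserver() consults; presumably the destructor honors it as
  // well -- confirm in the implementation file.
  FirewallSocketServer(SocketServer * server,
                       FirewallManager * manager = NULL,
                       bool should_delete_server = false);
  virtual ~FirewallSocketServer();

  // Returns the wrapped server; may be NULL after set_socketserver(NULL).
  SocketServer* socketserver() const { return server_; }

  // Replaces the wrapped server. If the current server is non-NULL and owned,
  // it is deleted and the ownership flag is cleared, so the replacement is
  // not owned. If the current server is NULL the flag is left as it was.
  void set_socketserver(SocketServer* server) {
    // Re-installing the current server is a no-op. Without this guard an
    // owned server would be deleted and then stored again as a dangling
    // pointer.
    if (server == server_) {
      return;
    }
    if (server_ && should_delete_server_) {
      delete server_;
      should_delete_server_ = false;
    }
    server_ = server;
  }

  // Settings to control whether CreateSocket or Socket::Listen succeed.
  void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
  void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
  bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
  void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }

  // Rules govern the behavior of Connect/Accept/Send/Recv attempts.
  // With all defaults, AddRule(allow) uses FP_ANY, FD_ANY and a
  // default-constructed SocketAddress.
  void AddRule(bool allow, FirewallProtocol p = FP_ANY,
               FirewallDirection d = FD_ANY,
               const SocketAddress& addr = SocketAddress());
  void AddRule(bool allow, FirewallProtocol p,
               const SocketAddress& src, const SocketAddress& dst);
  void ClearRules();

  // Returns a verdict for traffic of protocol |p| from |src| to |dst|.
  // Presumably true means the traffic is allowed -- confirm in the
  // implementation file.
  bool Check(FirewallProtocol p,
             const SocketAddress& src, const SocketAddress& dst);

  virtual Socket* CreateSocket(int type);
  virtual AsyncSocket* CreateAsyncSocket(int type);

  // The three overrides below forward directly to the wrapped server and
  // dereference server_ without a NULL check, so they must not be called
  // while the wrapped server is NULL.
  virtual void SetMessageQueue(MessageQueue* queue) {
    server_->SetMessageQueue(queue);
  }
  virtual bool Wait(int cms, bool process_io) {
    return server_->Wait(cms, process_io);
  }
  virtual void WakeUp() {
    server_->WakeUp();
  }

  Socket * WrapSocket(Socket * sock, int type);
  AsyncSocket * WrapSocket(AsyncSocket * sock, int type);

 private:
  SocketServer * server_;      // Wrapped server; owned only if should_delete_server_.
  FirewallManager * manager_;  // Optional manager supplied at construction.
  CriticalSection crit_;
  // One firewall rule: a verdict plus the protocol, direction and address
  // pair it applies to.
  struct Rule {
    bool allow;
    FirewallProtocol p;
    FirewallDirection d;
    SocketAddress src;
    SocketAddress dst;
  };
  std::vector<Rule> rules_;
  bool should_delete_server_;
  bool udp_sockets_enabled_;
  bool tcp_sockets_enabled_;
  bool tcp_listen_enabled_;
};

// FirewallManager allows you to manage firewalls in multiple threads together
//
// servers_ stores raw FirewallSocketServer pointers. Presumably they are not
// owned, and each server must be removed with RemoveServer() before it is
// destroyed -- confirm in the implementation file.
class FirewallManager {
 public:
  FirewallManager();
  ~FirewallManager();

  void AddServer(FirewallSocketServer * server);
  void RemoveServer(FirewallSocketServer * server);

  // Same parameters and defaults as the first FirewallSocketServer::AddRule
  // overload.
  void AddRule(bool allow, FirewallProtocol p = FP_ANY,
               FirewallDirection d = FD_ANY,
               const SocketAddress& addr = SocketAddress());
  void ClearRules();

 private:
  CriticalSection crit_;
  std::vector<FirewallSocketServer *> servers_;
};

}  // namespace talk_base

#endif  // TALK_BASE_FIREWALLSOCKETSERVER_H_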