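/*
 *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef WEBRTC_BASE_FIREWALLSOCKETSERVER_H_
#define WEBRTC_BASE_FIREWALLSOCKETSERVER_H_

#include <vector>
#include "webrtc/base/socketserver.h"
#include "webrtc/base/criticalsection.h"

namespace rtc {

class FirewallManager;

// This SocketServer shim simulates a rule-based firewall server.
// It wraps another SocketServer and forwards to it; the rules below shape
// what the wrapped sockets are allowed to do inside the process. It is a
// simulation layer, not an OS-level packet filter.

// Protocol selector for a rule; FP_ANY matches both UDP and TCP.
enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY };
// Traffic direction selector for a rule; FD_ANY matches both directions.
enum FirewallDirection { FD_IN, FD_OUT, FD_ANY };

class FirewallSocketServer : public SocketServer {
 public:
  // |server| is the SocketServer being wrapped. |manager| is optional.
  // When |should_delete_server| is true this object owns |server| and
  // deletes it when it is replaced through set_socketserver().
  // NOTE(review): the constructor and destructor bodies are not in this
  // header; registration with |manager| and deletion in the destructor are
  // presumed, confirm against the .cc file.
  FirewallSocketServer(SocketServer * server,
                       FirewallManager * manager = NULL,
                       bool should_delete_server = false);
  virtual ~FirewallSocketServer();

  // Returns the wrapped server (may be NULL after set_socketserver(NULL)).
  SocketServer* socketserver() const { return server_; }

  // Replaces the wrapped server. An owned previous server is deleted and
  // ownership is dropped; the new |server| is never owned by this object.
  void set_socketserver(SocketServer* server) {
    // Re-installing the current server must be a no-op. Without this guard
    // an owned server would be deleted and then stored again as a dangling
    // pointer, which every forwarding call below would dereference.
    if (server == server_) {
      return;
    }
    if (server_ && should_delete_server_) {
      delete server_;
      server_ = NULL;
      should_delete_server_ = false;
    }
    server_ = server;
  }

  // Settings to control whether CreateSocket or Socket::Listen succeed.
  // These are plain, unsynchronized writes to the flags.
  void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
  void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
  bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
  void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }

  // Rules govern the behavior of Connect/Accept/Send/Recv attempts.
  // NOTE(review): rule evaluation order and the verdict returned by Check()
  // when no rule matches are defined in the .cc file, not here. A test that
  // depends on traffic being blocked should add an explicit deny rule rather
  // than assume deny-by-default.
  void AddRule(bool allow, FirewallProtocol p = FP_ANY,
               FirewallDirection d = FD_ANY,
               const SocketAddress& addr = SocketAddress());
  void AddRule(bool allow, FirewallProtocol p,
               const SocketAddress& src, const SocketAddress& dst);
  void ClearRules();

  // Evaluates the rules for protocol |p| between |src| and |dst|.
  bool Check(FirewallProtocol p,
             const SocketAddress& src, const SocketAddress& dst);

  virtual Socket* CreateSocket(int type);
  virtual Socket* CreateSocket(int family, int type);

  virtual AsyncSocket* CreateAsyncSocket(int type);
  virtual AsyncSocket* CreateAsyncSocket(int family, int type);

  // The three calls below forward straight to the wrapped server and
  // dereference |server_| without a null check, so a non-null server must be
  // installed before they are used.
  virtual void SetMessageQueue(MessageQueue* queue) {
    server_->SetMessageQueue(queue);
  }
  virtual bool Wait(int cms, bool process_io) {
    return server_->Wait(cms, process_io);
  }
  virtual void WakeUp() {
    server_->WakeUp();
  }

  // Wrap an existing socket of the given |type| with this firewall.
  // NOTE(review): ownership of |sock| and the result for a disabled socket
  // type are decided in the .cc file; confirm before relying on either.
  Socket * WrapSocket(Socket * sock, int type);
  AsyncSocket * WrapSocket(AsyncSocket * sock, int type);

 private:
  SocketServer * server_;      // Wrapped server; owned only if the flag below is set.
  FirewallManager * manager_;  // Optional manager passed at construction.
  CriticalSection crit_;       // Presumably guards |rules_|; confirm in the .cc file.
  // One firewall rule: a verdict plus the selectors it applies to.
  struct Rule {
    bool allow;
    FirewallProtocol p;
    FirewallDirection d;
    SocketAddress src;
    SocketAddress dst;
  };
  std::vector<Rule> rules_;
  bool should_delete_server_;
  bool udp_sockets_enabled_;
  bool tcp_sockets_enabled_;
  bool tcp_listen_enabled_;
};

// FirewallManager allows you to manage firewalls in multiple threads together.
// It stores raw, non-owning pointers to the registered servers, so each
// server must be removed with RemoveServer() before it is destroyed.
// NOTE(review): whether ~FirewallSocketServer() does that removal itself is
// not visible in this header.

class FirewallManager {
 public:
  FirewallManager();
  ~FirewallManager();

  void AddServer(FirewallSocketServer * server);
  void RemoveServer(FirewallSocketServer * server);

  // Same parameters as the four-argument FirewallSocketServer::AddRule();
  // presumably applied to every registered server, confirm in the .cc file.
  void AddRule(bool allow, FirewallProtocol p = FP_ANY,
               FirewallDirection d = FD_ANY,
               const SocketAddress& addr = SocketAddress());
  void ClearRules();

 private:
  CriticalSection crit_;  // Presumably guards |servers_|; confirm in the .cc file.
  std::vector<FirewallSocketServer *> servers_;
};

}  // namespace rtc

#endif  // WEBRTC_BASE_FIREWALLSOCKETSERVER_H_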