147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org/*
247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org *
447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org *  Use of this source code is governed by a BSD-style license
547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org *  that can be found in the LICENSE file in the root of the source
647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org *  tree. An additional intellectual property rights grant can be found
747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org *  in the file PATENTS.  All contributing project authors may
847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org *  be found in the AUTHORS file in the root of the source tree.
947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org */
1047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
1147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#ifndef WEBRTC_BASE_FIREWALLSOCKETSERVER_H_
1247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#define WEBRTC_BASE_FIREWALLSOCKETSERVER_H_
1347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
1447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include <vector>
1547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "webrtc/base/socketserver.h"
1647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "webrtc/base/criticalsection.h"
1747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
1847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgnamespace rtc {
1947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
2047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgclass FirewallManager;
2147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
2247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org// This SocketServer shim simulates a rule-based firewall server.
2347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
// Transport protocol that a firewall rule or check applies to.
enum FirewallProtocol {
  FP_UDP,
  FP_TCP,
  FP_ANY  // Default protocol argument of AddRule.
};

// Traffic direction that a firewall rule applies to.
enum FirewallDirection {
  FD_IN,
  FD_OUT,
  FD_ANY  // Default direction argument of AddRule.
};
2647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
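// SocketServer shim that simulates a rule-based firewall. Calls are forwarded
// to a wrapped SocketServer, while the switches and rules below decide whether
// socket operations are allowed to succeed.
// NOTE(review): presumably only sockets created or wrapped through this object
// are subject to the rules -- confirm in the implementation file.
class FirewallSocketServer : public SocketServer {
 public:
  // |server| is the SocketServer that calls are forwarded to; |manager| is
  // optional.
  // NOTE(review): the constructor body is not in this header; presumably
  // |should_delete_server| initializes should_delete_server_, i.e. whether
  // this object owns |server| -- confirm in the implementation file.
  FirewallSocketServer(SocketServer* server,
                       FirewallManager* manager = NULL,
                       bool should_delete_server = false);
  virtual ~FirewallSocketServer();

  // Returns the currently wrapped server (NULL after set_socketserver(NULL)).
  SocketServer* socketserver() const { return server_; }

  // Replaces the wrapped server. If the previous server was owned
  // (should_delete_server_), it is deleted and the ownership flag is cleared,
  // so |server| is then treated as not owned; otherwise the flag is left
  // untouched.
  void set_socketserver(SocketServer* server) {
    if (server == server_) {
      // Re-installing the current server must not free it: deleting first and
      // then storing the same pointer would leave server_ dangling.
      return;
    }
    if (server_ && should_delete_server_) {
      delete server_;
      server_ = NULL;
      should_delete_server_ = false;
    }
    server_ = server;
  }

  // Settings to control whether CreateSocket or Socket::Listen succeed.
  // These inline accessors read and write the flags without taking crit_.
  void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
  void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
  bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
  void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }

  // Rules govern the behavior of Connect/Accept/Send/Recv attempts.
  // The first overload takes a direction and a single address, the second an
  // explicit source and destination.
  // NOTE(review): rule precedence and the meaning of a default-constructed
  // SocketAddress are defined in the implementation file -- confirm there
  // before relying on a rule set to block traffic.
  void AddRule(bool allow,
               FirewallProtocol p = FP_ANY,
               FirewallDirection d = FD_ANY,
               const SocketAddress& addr = SocketAddress());
  void AddRule(bool allow,
               FirewallProtocol p,
               const SocketAddress& src,
               const SocketAddress& dst);
  void ClearRules();

  // Evaluates protocol |p| from |src| to |dst|.
  // NOTE(review): presumably returns true when the traffic is allowed, and the
  // result when no rule matches is decided in the implementation -- confirm.
  bool Check(FirewallProtocol p,
             const SocketAddress& src,
             const SocketAddress& dst);

  virtual Socket* CreateSocket(int type);
  virtual Socket* CreateSocket(int family, int type);

  virtual AsyncSocket* CreateAsyncSocket(int type);
  virtual AsyncSocket* CreateAsyncSocket(int family, int type);

  // The three calls below are forwarded to the wrapped server. server_ is
  // dereferenced unchecked, so it must be non-NULL when they are called.
  virtual void SetMessageQueue(MessageQueue* queue) {
    server_->SetMessageQueue(queue);
  }
  virtual bool Wait(int cms, bool process_io) {
    return server_->Wait(cms, process_io);
  }
  virtual void WakeUp() {
    server_->WakeUp();
  }

  // NOTE(review): presumably returns a firewall-checking wrapper around
  // |sock|; ownership of |sock| is not visible in this header -- confirm.
  Socket* WrapSocket(Socket* sock, int type);
  AsyncSocket* WrapSocket(AsyncSocket* sock, int type);

 private:
  SocketServer* server_;      // Wrapped server; owned iff should_delete_server_.
  FirewallManager* manager_;
  CriticalSection crit_;      // NOTE(review): presumably guards rules_ -- confirm.
  // One firewall rule as stored in rules_.
  struct Rule {
    bool allow;
    FirewallProtocol p;
    FirewallDirection d;
    SocketAddress src;
    SocketAddress dst;
  };
  std::vector<Rule> rules_;
  bool should_delete_server_;
  bool udp_sockets_enabled_;
  bool tcp_sockets_enabled_;
  bool tcp_listen_enabled_;
};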
9747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
9847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org// FirewallManager allows you to manage firewalls in multiple threads together
9947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
// Holds a list of FirewallSocketServer pointers and offers rule operations of
// its own.
// NOTE(review): the member definitions are not in this header; presumably
// AddRule/ClearRules are applied to every registered server -- confirm.
class FirewallManager {
 public:
  FirewallManager();
  ~FirewallManager();

  // Register / unregister a server.
  // NOTE(review): servers_ holds raw pointers, so this looks non-owning; a
  // server presumably has to be removed before it is destroyed -- confirm.
  void AddServer(FirewallSocketServer* server);
  void RemoveServer(FirewallSocketServer* server);

  // Same parameters and defaults as the first FirewallSocketServer::AddRule
  // overload.
  void AddRule(bool allow,
               FirewallProtocol p = FP_ANY,
               FirewallDirection d = FD_ANY,
               const SocketAddress& addr = SocketAddress());
  void ClearRules();

 private:
  CriticalSection crit_;  // NOTE(review): presumably guards servers_ -- confirm.
  std::vector<FirewallSocketServer*> servers_;
};
11747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
11847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org}  // namespace rtc
11947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org
12047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#endif  // WEBRTC_BASE_FIREWALLSOCKETSERVER_H_