iptables.h revision 40653d0e058ff0f7908b28874224bbb085e99905
// Copyright 2014 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef FIREWALLD_IPTABLES_H_
#define FIREWALLD_IPTABLES_H_

#include <stdint.h>

#include <set>
#include <string>
#include <utility>
#include <vector>

#include <base/macros.h>
#include <chromeos/errors/error.h>

#include "firewalld/dbus_adaptor/org.chromium.Firewalld.h"

namespace firewalld {

// Transport protocol a firewall hole applies to.  This is a plain (non-class)
// enum, so kProtocolTcp/kProtocolUdp are visible unqualified in the namespace.
enum ProtocolEnum { kProtocolTcp, kProtocolUdp };

// Implementation of the org.chromium.Firewalld D-Bus interface.  Rules are
// apparently applied by running an external executable (see the
// `executable_path` parameter of AddAcceptRule/DeleteAcceptRule and the
// ip4_exec_path_/ip6_exec_path_ members); the actual invocation lives in the
// .cc, not here.
//
// NOTE(review): in_port, in_interface and the VPN usernames come from D-Bus
// callers and presumably end up on an iptables command line.  Nothing in this
// header shows validation of those values; confirm in the .cc that interface
// names and usernames are checked against a strict pattern (length, allowed
// characters) before use, and decide explicitly whether in_port == 0 is
// accepted.  Every D-Bus method returns only a bool, so a caller cannot tell
// "bad argument" from "iptables failed" -- any diagnostics have to be logged
// inside this class.
class IpTables : public org::chromium::FirewalldInterface {
 public:
  // One punched hole, identified by (port, interface name).  The element
  // types match the `port`/`interface` parameters of PunchHole/PlugHole.
  typedef std::pair<uint16_t, std::string> Hole;

  IpTables();
  // NOTE(review): if FirewalldInterface has a virtual destructor, this should
  // be marked `override`.  Presumably this is where PlugAllHoles() is invoked
  // so that holes do not outlive the daemon -- confirm in the .cc.  Holes
  // punched before an abnormal exit (crash, SIGKILL) would remain in the
  // kernel regardless.
  ~IpTables();

  // D-Bus methods (overrides of the generated FirewalldInterface).
  // in_port/in_interface are caller-supplied; see the class note above.
  bool PunchTcpHole(uint16_t in_port, const std::string& in_interface) override;
  bool PunchUdpHole(uint16_t in_port, const std::string& in_interface) override;
  bool PlugTcpHole(uint16_t in_port, const std::string& in_interface) override;
  bool PlugUdpHole(uint16_t in_port, const std::string& in_interface) override;

  // VPN setup for a set of users on `interface`.  Given the shared parameter
  // list, these presumably delegate to ApplyVpnSetup() with add=true/false.
  bool RequestVpnSetup(const std::vector<std::string>& usernames,
                       const std::string& interface) override;
  bool RemoveVpnSetup(const std::vector<std::string>& usernames,
                      const std::string& interface) override;

 protected:
  // Test-only: lets a test substitute the paths of the IPv4/IPv6 executables
  // (stored in ip4_exec_path_/ip6_exec_path_) so no real firewall is touched.
  explicit IpTables(const std::string& ip4_path, const std::string& ip6_path);

 private:
  // Grants the unit test access to the private helpers and state below.
  friend class IpTablesTest;

  // Protocol-generic hole handling; `holes` is the per-protocol bookkeeping
  // set (tcp_holes_ or udp_holes_) that the public Punch*/Plug* methods
  // presumably pass in.
  bool PunchHole(uint16_t port,
                 const std::string& interface,
                 std::set<Hole>* holes,
                 ProtocolEnum protocol);
  bool PlugHole(uint16_t port,
                const std::string& interface,
                std::set<Hole>* holes,
                ProtocolEnum protocol);

  // Presumably removes every hole currently tracked in tcp_holes_/udp_holes_.
  // Returns nothing, so per-hole failures cannot be reported to the caller.
  void PlugAllHoles();

  // The plural forms take no executable path, the singular forms take one;
  // presumably the plural form calls the singular once per executable
  // (ip4_exec_path_ and ip6_exec_path_).
  // NOTE(review): if that is the case, check in the .cc what happens when the
  // second invocation fails after the first succeeded -- without a rollback
  // the IPv4 rule could stay installed while the method reports failure.
  bool AddAcceptRules(ProtocolEnum protocol,
                      uint16_t port,
                      const std::string& interface);
  bool DeleteAcceptRules(ProtocolEnum protocol,
                         uint16_t port,
                         const std::string& interface);
  bool AddAcceptRule(const std::string& executable_path,
                     ProtocolEnum protocol,
                     uint16_t port,
                     const std::string& interface);
  bool DeleteAcceptRule(const std::string& executable_path,
                        ProtocolEnum protocol,
                        uint16_t port,
                        const std::string& interface);

  // Shared add/remove paths for the VPN-related rules; `add` selects whether
  // the rules are installed (true) or removed (false).  The names suggest
  // masquerading on `interface` and per-user traffic marking, but the exact
  // rules are only visible in the .cc.
  bool ApplyVpnSetup(const std::vector<std::string>& usernames,
                     const std::string& interface,
                     bool add);

  bool ApplyMasquerade(const std::string& interface,
                       bool add);

  bool ApplyMarkForUserTraffic(const std::string& user_name,
                               bool add);

  bool ApplyRuleForUserTraffic(bool add);

  // Paths of the executables used to apply IPv4 and IPv6 rules.
  std::string ip4_exec_path_;
  std::string ip6_exec_path_;

  // Holes currently punched, per protocol.  Using a std::set keyed by
  // (port, interface) avoids adding redundant firewall rules for a hole that
  // already exists and lets PlugAllHoles() know what to undo.
  std::set<Hole> tcp_holes_;
  std::set<Hole> udp_holes_;

  // Copying would duplicate the hole bookkeeping without duplicating the
  // kernel state it mirrors, so the class is non-copyable.
  DISALLOW_COPY_AND_ASSIGN(IpTables);
};

}  // namespace firewalld

#endif  // FIREWALLD_IPTABLES_H_