• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * libjingle
3  * Copyright 2004--2005, Google Inc.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  *  1. Redistributions of source code must retain the above copyright notice,
9  *     this list of conditions and the following disclaimer.
10  *  2. Redistributions in binary form must reproduce the above copyright notice,
11  *     this list of conditions and the following disclaimer in the documentation
12  *     and/or other materials provided with the distribution.
13  *  3. The name of the author may not be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #ifndef TALK_BASE_FIREWALLSOCKETSERVER_H_
29 #define TALK_BASE_FIREWALLSOCKETSERVER_H_
30 
31 #include <vector>
32 #include "talk/base/socketserver.h"
33 #include "talk/base/criticalsection.h"
34 
35 namespace talk_base {
36 
37 class FirewallManager;
38 
39 // This SocketServer shim simulates a rule-based firewall server.
40 
41 enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY };
42 enum FirewallDirection { FD_IN, FD_OUT, FD_ANY };
43 
44 class FirewallSocketServer : public SocketServer {
45  public:
46   FirewallSocketServer(SocketServer * server,
47                        FirewallManager * manager = NULL,
48                        bool should_delete_server = false);
49   virtual ~FirewallSocketServer();
50 
socketserver()51   SocketServer* socketserver() const { return server_; }
set_socketserver(SocketServer * server)52   void set_socketserver(SocketServer* server) {
53     if (server_ && should_delete_server_) {
54       delete server_;
55       server_ = NULL;
56       should_delete_server_ = false;
57     }
58     server_ = server;
59   }
60 
61   // Settings to control whether CreateSocket or Socket::Listen succeed.
set_udp_sockets_enabled(bool enabled)62   void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
set_tcp_sockets_enabled(bool enabled)63   void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
tcp_listen_enabled()64   bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
set_tcp_listen_enabled(bool enabled)65   void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }
66 
67   // Rules govern the behavior of Connect/Accept/Send/Recv attempts.
68   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
69                FirewallDirection d = FD_ANY,
70                const SocketAddress& addr = SocketAddress());
71   void AddRule(bool allow, FirewallProtocol p,
72                const SocketAddress& src, const SocketAddress& dst);
73   void ClearRules();
74 
75   bool Check(FirewallProtocol p,
76              const SocketAddress& src, const SocketAddress& dst);
77 
78   virtual Socket* CreateSocket(int type);
79   virtual AsyncSocket* CreateAsyncSocket(int type);
SetMessageQueue(MessageQueue * queue)80   virtual void SetMessageQueue(MessageQueue* queue) {
81     server_->SetMessageQueue(queue);
82   }
Wait(int cms,bool process_io)83   virtual bool Wait(int cms, bool process_io) {
84     return server_->Wait(cms, process_io);
85   }
WakeUp()86   virtual void WakeUp() {
87     return server_->WakeUp();
88   }
89 
90   Socket * WrapSocket(Socket * sock, int type);
91   AsyncSocket * WrapSocket(AsyncSocket * sock, int type);
92 
93  private:
94   SocketServer * server_;
95   FirewallManager * manager_;
96   CriticalSection crit_;
97   struct Rule {
98     bool allow;
99     FirewallProtocol p;
100     FirewallDirection d;
101     SocketAddress src;
102     SocketAddress dst;
103   };
104   std::vector<Rule> rules_;
105   bool should_delete_server_;
106   bool udp_sockets_enabled_;
107   bool tcp_sockets_enabled_;
108   bool tcp_listen_enabled_;
109 };
110 
111 // FirewallManager allows you to manage firewalls in multiple threads together
112 
113 class FirewallManager {
114  public:
115   FirewallManager();
116   ~FirewallManager();
117 
118   void AddServer(FirewallSocketServer * server);
119   void RemoveServer(FirewallSocketServer * server);
120 
121   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
122                FirewallDirection d = FD_ANY,
123                const SocketAddress& addr = SocketAddress());
124   void ClearRules();
125 
126  private:
127   CriticalSection crit_;
128   std::vector<FirewallSocketServer *> servers_;
129 };
130 
131 }  // namespace talk_base
132 
133 #endif  // TALK_BASE_FIREWALLSOCKETSERVER_H_
134