• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * libjingle
3  * Copyright 2004--2005, Google Inc.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  *  1. Redistributions of source code must retain the above copyright notice,
9  *     this list of conditions and the following disclaimer.
10  *  2. Redistributions in binary form must reproduce the above copyright notice,
11  *     this list of conditions and the following disclaimer in the documentation
12  *     and/or other materials provided with the distribution.
13  *  3. The name of the author may not be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #ifndef TALK_BASE_FIREWALLSOCKETSERVER_H_
29 #define TALK_BASE_FIREWALLSOCKETSERVER_H_
30 
31 #include <vector>
32 #include "talk/base/socketserver.h"
33 #include "talk/base/criticalsection.h"
34 
35 namespace talk_base {
36 
37 class FirewallManager;
38 
39 // This SocketServer shim simulates a rule-based firewall server.
40 
41 enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY };
42 enum FirewallDirection { FD_IN, FD_OUT, FD_ANY };
43 
44 class FirewallSocketServer : public SocketServer {
45  public:
46   FirewallSocketServer(SocketServer * server,
47                        FirewallManager * manager = NULL,
48                        bool should_delete_server = false);
49   virtual ~FirewallSocketServer();
50 
socketserver()51   SocketServer* socketserver() const { return server_; }
set_socketserver(SocketServer * server)52   void set_socketserver(SocketServer* server) {
53     if (server_ && should_delete_server_) {
54       delete server_;
55       server_ = NULL;
56       should_delete_server_ = false;
57     }
58     server_ = server;
59   }
60 
61   // Settings to control whether CreateSocket or Socket::Listen succeed.
set_udp_sockets_enabled(bool enabled)62   void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
set_tcp_sockets_enabled(bool enabled)63   void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
tcp_listen_enabled()64   bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
set_tcp_listen_enabled(bool enabled)65   void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }
66 
67   // Rules govern the behavior of Connect/Accept/Send/Recv attempts.
68   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
69                FirewallDirection d = FD_ANY,
70                const SocketAddress& addr = SocketAddress());
71   void AddRule(bool allow, FirewallProtocol p,
72                const SocketAddress& src, const SocketAddress& dst);
73   void ClearRules();
74 
75   bool Check(FirewallProtocol p,
76              const SocketAddress& src, const SocketAddress& dst);
77 
78   virtual Socket* CreateSocket(int type);
79   virtual Socket* CreateSocket(int family, int type);
80 
81   virtual AsyncSocket* CreateAsyncSocket(int type);
82   virtual AsyncSocket* CreateAsyncSocket(int family, int type);
83 
SetMessageQueue(MessageQueue * queue)84   virtual void SetMessageQueue(MessageQueue* queue) {
85     server_->SetMessageQueue(queue);
86   }
Wait(int cms,bool process_io)87   virtual bool Wait(int cms, bool process_io) {
88     return server_->Wait(cms, process_io);
89   }
WakeUp()90   virtual void WakeUp() {
91     return server_->WakeUp();
92   }
93 
94   Socket * WrapSocket(Socket * sock, int type);
95   AsyncSocket * WrapSocket(AsyncSocket * sock, int type);
96 
97  private:
98   SocketServer * server_;
99   FirewallManager * manager_;
100   CriticalSection crit_;
101   struct Rule {
102     bool allow;
103     FirewallProtocol p;
104     FirewallDirection d;
105     SocketAddress src;
106     SocketAddress dst;
107   };
108   std::vector<Rule> rules_;
109   bool should_delete_server_;
110   bool udp_sockets_enabled_;
111   bool tcp_sockets_enabled_;
112   bool tcp_listen_enabled_;
113 };
114 
115 // FirewallManager allows you to manage firewalls in multiple threads together
116 
117 class FirewallManager {
118  public:
119   FirewallManager();
120   ~FirewallManager();
121 
122   void AddServer(FirewallSocketServer * server);
123   void RemoveServer(FirewallSocketServer * server);
124 
125   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
126                FirewallDirection d = FD_ANY,
127                const SocketAddress& addr = SocketAddress());
128   void ClearRules();
129 
130  private:
131   CriticalSection crit_;
132   std::vector<FirewallSocketServer *> servers_;
133 };
134 
135 }  // namespace talk_base
136 
137 #endif  // TALK_BASE_FIREWALLSOCKETSERVER_H_
138