1 /* 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. 3 * 4 * Use of this source code is governed by a BSD-style license 5 * that can be found in the LICENSE file in the root of the source 6 * tree. An additional intellectual property rights grant can be found 7 * in the file PATENTS. All contributing project authors may 8 * be found in the AUTHORS file in the root of the source tree. 9 */ 10 11 #ifndef WEBRTC_BASE_FIREWALLSOCKETSERVER_H_ 12 #define WEBRTC_BASE_FIREWALLSOCKETSERVER_H_ 13 14 #include <vector> 15 #include "webrtc/base/socketserver.h" 16 #include "webrtc/base/criticalsection.h" 17 18 namespace rtc { 19 20 class FirewallManager; 21 22 // This SocketServer shim simulates a rule-based firewall server. 23 24 enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY }; 25 enum FirewallDirection { FD_IN, FD_OUT, FD_ANY }; 26 27 class FirewallSocketServer : public SocketServer { 28 public: 29 FirewallSocketServer(SocketServer * server, 30 FirewallManager * manager = NULL, 31 bool should_delete_server = false); 32 virtual ~FirewallSocketServer(); 33 socketserver()34 SocketServer* socketserver() const { return server_; } set_socketserver(SocketServer * server)35 void set_socketserver(SocketServer* server) { 36 if (server_ && should_delete_server_) { 37 delete server_; 38 server_ = NULL; 39 should_delete_server_ = false; 40 } 41 server_ = server; 42 } 43 44 // Settings to control whether CreateSocket or Socket::Listen succeed. set_udp_sockets_enabled(bool enabled)45 void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; } set_tcp_sockets_enabled(bool enabled)46 void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; } tcp_listen_enabled()47 bool tcp_listen_enabled() const { return tcp_listen_enabled_; } set_tcp_listen_enabled(bool enabled)48 void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; } 49 50 // Rules govern the behavior of Connect/Accept/Send/Recv attempts. 51 void AddRule(bool allow, FirewallProtocol p = FP_ANY, 52 FirewallDirection d = FD_ANY, 53 const SocketAddress& addr = SocketAddress()); 54 void AddRule(bool allow, FirewallProtocol p, 55 const SocketAddress& src, const SocketAddress& dst); 56 void ClearRules(); 57 58 bool Check(FirewallProtocol p, 59 const SocketAddress& src, const SocketAddress& dst); 60 61 virtual Socket* CreateSocket(int type); 62 virtual Socket* CreateSocket(int family, int type); 63 64 virtual AsyncSocket* CreateAsyncSocket(int type); 65 virtual AsyncSocket* CreateAsyncSocket(int family, int type); 66 SetMessageQueue(MessageQueue * queue)67 virtual void SetMessageQueue(MessageQueue* queue) { 68 server_->SetMessageQueue(queue); 69 } Wait(int cms,bool process_io)70 virtual bool Wait(int cms, bool process_io) { 71 return server_->Wait(cms, process_io); 72 } WakeUp()73 virtual void WakeUp() { 74 return server_->WakeUp(); 75 } 76 77 Socket * WrapSocket(Socket * sock, int type); 78 AsyncSocket * WrapSocket(AsyncSocket * sock, int type); 79 80 private: 81 SocketServer * server_; 82 FirewallManager * manager_; 83 CriticalSection crit_; 84 struct Rule { 85 bool allow; 86 FirewallProtocol p; 87 FirewallDirection d; 88 SocketAddress src; 89 SocketAddress dst; 90 }; 91 std::vector<Rule> rules_; 92 bool should_delete_server_; 93 bool udp_sockets_enabled_; 94 bool tcp_sockets_enabled_; 95 bool tcp_listen_enabled_; 96 }; 97 98 // FirewallManager allows you to manage firewalls in multiple threads together 99 100 class FirewallManager { 101 public: 102 FirewallManager(); 103 ~FirewallManager(); 104 105 void AddServer(FirewallSocketServer * server); 106 void RemoveServer(FirewallSocketServer * server); 107 108 void AddRule(bool allow, FirewallProtocol p = FP_ANY, 109 FirewallDirection d = FD_ANY, 110 const SocketAddress& addr = SocketAddress()); 111 void ClearRules(); 112 113 private: 114 CriticalSection crit_; 115 std::vector<FirewallSocketServer *> servers_; 116 }; 117 118 } // namespace rtc 119 120 #endif // WEBRTC_BASE_FIREWALLSOCKETSERVER_H_ 121