Home | History | Annotate | Download | only in base 
      1 /*
      2  * libjingle
      3  * Copyright 2004--2005, Google Inc.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions are met:
      7  *
      8  *  1. Redistributions of source code must retain the above copyright notice,
      9  *     this list of conditions and the following disclaimer.
     10  *  2. Redistributions in binary form must reproduce the above copyright notice,
     11  *     this list of conditions and the following disclaimer in the documentation
     12  *     and/or other materials provided with the distribution.
     13  *  3. The name of the author may not be used to endorse or promote products
     14  *     derived from this software without specific prior written permission.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
     17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
     19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
     22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
     24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
     25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26  */
     27 
     28 #ifndef TALK_BASE_FIREWALLSOCKETSERVER_H_
     29 #define TALK_BASE_FIREWALLSOCKETSERVER_H_
     30 
     31 #include <vector>
     32 #include "talk/base/socketserver.h"
     33 #include "talk/base/criticalsection.h"
     34 
     35 namespace talk_base {
     36 
     37 class FirewallManager;
     38 
     39 // This SocketServer shim simulates a rule-based firewall server.
     40 
     41 enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY };
     42 enum FirewallDirection { FD_IN, FD_OUT, FD_ANY };
     43 
     44 class FirewallSocketServer : public SocketServer {
     45  public:
     46   FirewallSocketServer(SocketServer * server,
     47                        FirewallManager * manager = NULL,
     48                        bool should_delete_server = false);
     49   virtual ~FirewallSocketServer();
     50 
     51   SocketServer* socketserver() const { return server_; }
     52   void set_socketserver(SocketServer* server) {
     53     if (server_ && should_delete_server_) {
     54       delete server_;
     55       server_ = NULL;
     56       should_delete_server_ = false;
     57     }
     58     server_ = server;
     59   }
     60 
     61   // Settings to control whether CreateSocket or Socket::Listen succeed.
     62   void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
     63   void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
     64   bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
     65   void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }
     66 
     67   // Rules govern the behavior of Connect/Accept/Send/Recv attempts.
     68   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
     69                FirewallDirection d = FD_ANY,
     70                const SocketAddress& addr = SocketAddress());
     71   void AddRule(bool allow, FirewallProtocol p,
     72                const SocketAddress& src, const SocketAddress& dst);
     73   void ClearRules();
     74 
     75   bool Check(FirewallProtocol p,
     76              const SocketAddress& src, const SocketAddress& dst);
     77 
     78   virtual Socket* CreateSocket(int type);
     79   virtual AsyncSocket* CreateAsyncSocket(int type);
     80   virtual void SetMessageQueue(MessageQueue* queue) {
     81     server_->SetMessageQueue(queue);
     82   }
     83   virtual bool Wait(int cms, bool process_io) {
     84     return server_->Wait(cms, process_io);
     85   }
     86   virtual void WakeUp() {
     87     return server_->WakeUp();
     88   }
     89 
     90   Socket * WrapSocket(Socket * sock, int type);
     91   AsyncSocket * WrapSocket(AsyncSocket * sock, int type);
     92 
     93  private:
     94   SocketServer * server_;
     95   FirewallManager * manager_;
     96   CriticalSection crit_;
     97   struct Rule {
     98     bool allow;
     99     FirewallProtocol p;
    100     FirewallDirection d;
    101     SocketAddress src;
    102     SocketAddress dst;
    103   };
    104   std::vector<Rule> rules_;
    105   bool should_delete_server_;
    106   bool udp_sockets_enabled_;
    107   bool tcp_sockets_enabled_;
    108   bool tcp_listen_enabled_;
    109 };
    110 
    111 // FirewallManager allows you to manage firewalls in multiple threads together
    112 
    113 class FirewallManager {
    114  public:
    115   FirewallManager();
    116   ~FirewallManager();
    117 
    118   void AddServer(FirewallSocketServer * server);
    119   void RemoveServer(FirewallSocketServer * server);
    120 
    121   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
    122                FirewallDirection d = FD_ANY,
    123                const SocketAddress& addr = SocketAddress());
    124   void ClearRules();
    125 
    126  private:
    127   CriticalSection crit_;
    128   std::vector<FirewallSocketServer *> servers_;
    129 };
    130 
    131 }  // namespace talk_base
    132 
    133 #endif  // TALK_BASE_FIREWALLSOCKETSERVER_H_
    134