Home | History | Annotate | Download | only in base 
      1 /*
      2  * libjingle
      3  * Copyright 2004--2005, Google Inc.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions are met:
      7  *
      8  *  1. Redistributions of source code must retain the above copyright notice,
      9  *     this list of conditions and the following disclaimer.
     10  *  2. Redistributions in binary form must reproduce the above copyright notice,
     11  *     this list of conditions and the following disclaimer in the documentation
     12  *     and/or other materials provided with the distribution.
     13  *  3. The name of the author may not be used to endorse or promote products
     14  *     derived from this software without specific prior written permission.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
     17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
     19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
     22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
     24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
     25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26  */
     27 
     28 #ifndef TALK_BASE_FIREWALLSOCKETSERVER_H_
     29 #define TALK_BASE_FIREWALLSOCKETSERVER_H_
     30 
     31 #include <vector>
     32 #include "talk/base/socketserver.h"
     33 #include "talk/base/criticalsection.h"
     34 
     35 namespace talk_base {
     36 
     37 class FirewallManager;
     38 
     39 // This SocketServer shim simulates a rule-based firewall server.
     40 
     41 enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY };
     42 enum FirewallDirection { FD_IN, FD_OUT, FD_ANY };
     43 
     44 class FirewallSocketServer : public SocketServer {
     45  public:
     46   FirewallSocketServer(SocketServer * server,
     47                        FirewallManager * manager = NULL,
     48                        bool should_delete_server = false);
     49   virtual ~FirewallSocketServer();
     50 
     51   SocketServer* socketserver() const { return server_; }
     52   void set_socketserver(SocketServer* server) {
     53     if (server_ && should_delete_server_) {
     54       delete server_;
     55       server_ = NULL;
     56       should_delete_server_ = false;
     57     }
     58     server_ = server;
     59   }
     60 
     61   // Settings to control whether CreateSocket or Socket::Listen succeed.
     62   void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
     63   void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
     64   bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
     65   void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }
     66 
     67   // Rules govern the behavior of Connect/Accept/Send/Recv attempts.
     68   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
     69                FirewallDirection d = FD_ANY,
     70                const SocketAddress& addr = SocketAddress());
     71   void AddRule(bool allow, FirewallProtocol p,
     72                const SocketAddress& src, const SocketAddress& dst);
     73   void ClearRules();
     74 
     75   bool Check(FirewallProtocol p,
     76              const SocketAddress& src, const SocketAddress& dst);
     77 
     78   virtual Socket* CreateSocket(int type);
     79   virtual Socket* CreateSocket(int family, int type);
     80 
     81   virtual AsyncSocket* CreateAsyncSocket(int type);
     82   virtual AsyncSocket* CreateAsyncSocket(int family, int type);
     83 
     84   virtual void SetMessageQueue(MessageQueue* queue) {
     85     server_->SetMessageQueue(queue);
     86   }
     87   virtual bool Wait(int cms, bool process_io) {
     88     return server_->Wait(cms, process_io);
     89   }
     90   virtual void WakeUp() {
     91     return server_->WakeUp();
     92   }
     93 
     94   Socket * WrapSocket(Socket * sock, int type);
     95   AsyncSocket * WrapSocket(AsyncSocket * sock, int type);
     96 
     97  private:
     98   SocketServer * server_;
     99   FirewallManager * manager_;
    100   CriticalSection crit_;
    101   struct Rule {
    102     bool allow;
    103     FirewallProtocol p;
    104     FirewallDirection d;
    105     SocketAddress src;
    106     SocketAddress dst;
    107   };
    108   std::vector<Rule> rules_;
    109   bool should_delete_server_;
    110   bool udp_sockets_enabled_;
    111   bool tcp_sockets_enabled_;
    112   bool tcp_listen_enabled_;
    113 };
    114 
    115 // FirewallManager allows you to manage firewalls in multiple threads together
    116 
    117 class FirewallManager {
    118  public:
    119   FirewallManager();
    120   ~FirewallManager();
    121 
    122   void AddServer(FirewallSocketServer * server);
    123   void RemoveServer(FirewallSocketServer * server);
    124 
    125   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
    126                FirewallDirection d = FD_ANY,
    127                const SocketAddress& addr = SocketAddress());
    128   void ClearRules();
    129 
    130  private:
    131   CriticalSection crit_;
    132   std::vector<FirewallSocketServer *> servers_;
    133 };
    134 
    135 }  // namespace talk_base
    136 
    137 #endif  // TALK_BASE_FIREWALLSOCKETSERVER_H_
    138