1 /* 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. 3 * 4 * Use of this source code is governed by a BSD-style license 5 * that can be found in the LICENSE file in the root of the source 6 * tree. An additional intellectual property rights grant can be found 7 * in the file PATENTS. All contributing project authors may 8 * be found in the AUTHORS file in the root of the source tree. 9 */ 10 11 #ifndef WEBRTC_BASE_FIREWALLSOCKETSERVER_H_ 12 #define WEBRTC_BASE_FIREWALLSOCKETSERVER_H_ 13 14 #include <vector> 15 #include "webrtc/base/socketserver.h" 16 #include "webrtc/base/criticalsection.h" 17 18 namespace rtc { 19 20 class FirewallManager; 21 22 // This SocketServer shim simulates a rule-based firewall server. 23 24 enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY }; 25 enum FirewallDirection { FD_IN, FD_OUT, FD_ANY }; 26 27 class FirewallSocketServer : public SocketServer { 28 public: 29 FirewallSocketServer(SocketServer * server, 30 FirewallManager * manager = NULL, 31 bool should_delete_server = false); 32 ~FirewallSocketServer() override; 33 34 SocketServer* socketserver() const { return server_; } 35 void set_socketserver(SocketServer* server) { 36 if (server_ && should_delete_server_) { 37 delete server_; 38 server_ = NULL; 39 should_delete_server_ = false; 40 } 41 server_ = server; 42 } 43 44 // Settings to control whether CreateSocket or Socket::Listen succeed. 45 void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; } 46 void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; } 47 bool tcp_listen_enabled() const { return tcp_listen_enabled_; } 48 void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; } 49 50 // Rules govern the behavior of Connect/Accept/Send/Recv attempts. 51 void AddRule(bool allow, FirewallProtocol p = FP_ANY, 52 FirewallDirection d = FD_ANY, 53 const SocketAddress& addr = SocketAddress()); 54 void AddRule(bool allow, FirewallProtocol p, 55 const SocketAddress& src, const SocketAddress& dst); 56 void ClearRules(); 57 58 bool Check(FirewallProtocol p, 59 const SocketAddress& src, const SocketAddress& dst); 60 61 Socket* CreateSocket(int type) override; 62 Socket* CreateSocket(int family, int type) override; 63 64 AsyncSocket* CreateAsyncSocket(int type) override; 65 AsyncSocket* CreateAsyncSocket(int family, int type) override; 66 67 void SetMessageQueue(MessageQueue* queue) override; 68 bool Wait(int cms, bool process_io) override; 69 void WakeUp() override; 70 71 Socket * WrapSocket(Socket * sock, int type); 72 AsyncSocket * WrapSocket(AsyncSocket * sock, int type); 73 74 private: 75 SocketServer * server_; 76 FirewallManager * manager_; 77 CriticalSection crit_; 78 struct Rule { 79 bool allow; 80 FirewallProtocol p; 81 FirewallDirection d; 82 SocketAddress src; 83 SocketAddress dst; 84 }; 85 std::vector<Rule> rules_; 86 bool should_delete_server_; 87 bool udp_sockets_enabled_; 88 bool tcp_sockets_enabled_; 89 bool tcp_listen_enabled_; 90 }; 91 92 // FirewallManager allows you to manage firewalls in multiple threads together 93 94 class FirewallManager { 95 public: 96 FirewallManager(); 97 ~FirewallManager(); 98 99 void AddServer(FirewallSocketServer * server); 100 void RemoveServer(FirewallSocketServer * server); 101 102 void AddRule(bool allow, FirewallProtocol p = FP_ANY, 103 FirewallDirection d = FD_ANY, 104 const SocketAddress& addr = SocketAddress()); 105 void ClearRules(); 106 107 private: 108 CriticalSection crit_; 109 std::vector<FirewallSocketServer *> servers_; 110 }; 111 112 } // namespace rtc 113 114 #endif // WEBRTC_BASE_FIREWALLSOCKETSERVER_H_ 115