3
* Copyright 2004--2005, Google Inc.
5
* Redistribution and use in source and binary forms, with or without
6
* modification, are permitted provided that the following conditions are met:
8
* 1. Redistributions of source code must retain the above copyright notice,
9
* this list of conditions and the following disclaimer.
10
* 2. Redistributions in binary form must reproduce the above copyright notice,
11
* this list of conditions and the following disclaimer in the documentation
12
* and/or other materials provided with the distribution.
13
* 3. The name of the author may not be used to endorse or promote products
14
* derived from this software without specific prior written permission.
16
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19
* EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
#ifndef TALK_BASE_FIREWALLSOCKETSERVER_H_
29
#define TALK_BASE_FIREWALLSOCKETSERVER_H_
32
#include "talk/base/socketserver.h"
33
#include "talk/base/criticalsection.h"
37
class FirewallManager;
39
// This SocketServer shim simulates a rule-based firewall server.
41
enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY };
42
enum FirewallDirection { FD_IN, FD_OUT, FD_ANY };
44
class FirewallSocketServer : public SocketServer {
46
FirewallSocketServer(SocketServer * server,
47
FirewallManager * manager = NULL,
48
bool should_delete_server = false);
49
virtual ~FirewallSocketServer();
51
SocketServer* socketserver() const { return server_; }
52
void set_socketserver(SocketServer* server) {
53
if (server_ && should_delete_server_) {
56
should_delete_server_ = false;
61
// Settings to control whether CreateSocket or Socket::Listen succeed.
62
void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
63
void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
64
bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
65
void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }
67
// Rules govern the behavior of Connect/Accept/Send/Recv attempts.
68
void AddRule(bool allow, FirewallProtocol p = FP_ANY,
69
FirewallDirection d = FD_ANY,
70
const SocketAddress& addr = SocketAddress());
71
void AddRule(bool allow, FirewallProtocol p,
72
const SocketAddress& src, const SocketAddress& dst);
75
bool Check(FirewallProtocol p,
76
const SocketAddress& src, const SocketAddress& dst);
78
virtual Socket* CreateSocket(int type);
79
virtual Socket* CreateSocket(int family, int type);
81
virtual AsyncSocket* CreateAsyncSocket(int type);
82
virtual AsyncSocket* CreateAsyncSocket(int family, int type);
84
virtual void SetMessageQueue(MessageQueue* queue) {
85
server_->SetMessageQueue(queue);
87
virtual bool Wait(int cms, bool process_io) {
88
return server_->Wait(cms, process_io);
90
virtual void WakeUp() {
91
return server_->WakeUp();
94
Socket * WrapSocket(Socket * sock, int type);
95
AsyncSocket * WrapSocket(AsyncSocket * sock, int type);
98
SocketServer * server_;
99
FirewallManager * manager_;
100
CriticalSection crit_;
108
std::vector<Rule> rules_;
109
bool should_delete_server_;
110
bool udp_sockets_enabled_;
111
bool tcp_sockets_enabled_;
112
bool tcp_listen_enabled_;
115
// FirewallManager allows you to manage firewalls in multiple threads together
117
class FirewallManager {
122
void AddServer(FirewallSocketServer * server);
123
void RemoveServer(FirewallSocketServer * server);
125
void AddRule(bool allow, FirewallProtocol p = FP_ANY,
126
FirewallDirection d = FD_ANY,
127
const SocketAddress& addr = SocketAddress());
131
CriticalSection crit_;
132
std::vector<FirewallSocketServer *> servers_;
135
} // namespace talk_base
137
#endif // TALK_BASE_FIREWALLSOCKETSERVER_H_