summaryrefslogtreecommitdiffstats
path: root/third_party/libwebrtc/webrtc/rtc_base/firewallsocketserver.h
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/libwebrtc/webrtc/rtc_base/firewallsocketserver.h')
-rw-r--r--third_party/libwebrtc/webrtc/rtc_base/firewallsocketserver.h125
1 files changed, 125 insertions, 0 deletions
diff --git a/third_party/libwebrtc/webrtc/rtc_base/firewallsocketserver.h b/third_party/libwebrtc/webrtc/rtc_base/firewallsocketserver.h
new file mode 100644
index 0000000000..9f04946572
--- /dev/null
+++ b/third_party/libwebrtc/webrtc/rtc_base/firewallsocketserver.h
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2004 The WebRTC Project Authors. All rights reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef RTC_BASE_FIREWALLSOCKETSERVER_H_
+#define RTC_BASE_FIREWALLSOCKETSERVER_H_
+
+#include <vector>
+#include "rtc_base/criticalsection.h"
+#include "rtc_base/socketserver.h"
+
+namespace rtc {
+
+class FirewallManager;
+
+// This SocketServer shim simulates a rule-based firewall server.
+
+enum FirewallProtocol { FP_UDP, FP_TCP, FP_ANY };
+enum FirewallDirection { FD_IN, FD_OUT, FD_ANY };
+
+class FirewallSocketServer : public SocketServer {
+ public:
+ FirewallSocketServer(SocketServer* server,
+ FirewallManager* manager = nullptr,
+ bool should_delete_server = false);
+ ~FirewallSocketServer() override;
+
+ SocketServer* socketserver() const { return server_; }
+ void set_socketserver(SocketServer* server) {
+ if (server_ && should_delete_server_) {
+ delete server_;
+ server_ = nullptr;
+ should_delete_server_ = false;
+ }
+ server_ = server;
+ }
+
+ // Settings to control whether CreateSocket or Socket::Listen succeed.
+ void set_udp_sockets_enabled(bool enabled) { udp_sockets_enabled_ = enabled; }
+ void set_tcp_sockets_enabled(bool enabled) { tcp_sockets_enabled_ = enabled; }
+ bool tcp_listen_enabled() const { return tcp_listen_enabled_; }
+ void set_tcp_listen_enabled(bool enabled) { tcp_listen_enabled_ = enabled; }
+
+ // Rules govern the behavior of Connect/Accept/Send/Recv attempts.
+ void AddRule(bool allow, FirewallProtocol p = FP_ANY,
+ FirewallDirection d = FD_ANY,
+ const SocketAddress& addr = SocketAddress());
+ void AddRule(bool allow, FirewallProtocol p,
+ const SocketAddress& src, const SocketAddress& dst);
+ void ClearRules();
+
+ bool Check(FirewallProtocol p,
+ const SocketAddress& src, const SocketAddress& dst);
+
+ // Set the IP addresses for which Bind will fail. By default this list is
+ // empty. This can be used to simulate a real OS that refuses to bind to
+ // addresses under various circumstances.
+ //
+ // No matter how many addresses are added (including INADDR_ANY), the server
+ // will still allow creating outgoing TCP connections, since they don't
+ // require explicitly binding a socket.
+ void SetUnbindableIps(const std::vector<rtc::IPAddress>& unbindable_ips);
+ bool IsBindableIp(const rtc::IPAddress& ip);
+
+ Socket* CreateSocket(int type) override;
+ Socket* CreateSocket(int family, int type) override;
+
+ AsyncSocket* CreateAsyncSocket(int type) override;
+ AsyncSocket* CreateAsyncSocket(int family, int type) override;
+
+ void SetMessageQueue(MessageQueue* queue) override;
+ bool Wait(int cms, bool process_io) override;
+ void WakeUp() override;
+
+ Socket * WrapSocket(Socket * sock, int type);
+ AsyncSocket * WrapSocket(AsyncSocket * sock, int type);
+
+ private:
+ SocketServer * server_;
+ FirewallManager * manager_;
+ CriticalSection crit_;
+ struct Rule {
+ bool allow;
+ FirewallProtocol p;
+ FirewallDirection d;
+ SocketAddress src;
+ SocketAddress dst;
+ };
+ std::vector<Rule> rules_;
+ std::vector<rtc::IPAddress> unbindable_ips_;
+ bool should_delete_server_;
+ bool udp_sockets_enabled_;
+ bool tcp_sockets_enabled_;
+ bool tcp_listen_enabled_;
+};
+
+// FirewallManager allows you to manage firewalls in multiple threads together
+
+class FirewallManager {
+ public:
+ FirewallManager();
+ ~FirewallManager();
+
+ void AddServer(FirewallSocketServer * server);
+ void RemoveServer(FirewallSocketServer * server);
+
+ void AddRule(bool allow, FirewallProtocol p = FP_ANY,
+ FirewallDirection d = FD_ANY,
+ const SocketAddress& addr = SocketAddress());
+ void ClearRules();
+
+ private:
+ CriticalSection crit_;
+ std::vector<FirewallSocketServer *> servers_;
+};
+
+} // namespace rtc
+
+#endif // RTC_BASE_FIREWALLSOCKETSERVER_H_
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-22 20:56:23 +0000